Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe

Overview

General Information

Sample name:SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe
Analysis ID:1546636
MD5:5009b1ef6619eca039925510d4fd51a1
SHA1:22626aa57e21291a995615f9f6bba083d8706764
SHA256:fbc8c32bf799a005c57540a2e85dd3662ed5795a55f11495f0ba569bbb09df59
Tags:exe
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Switches to a custom stack to bypass stack traces
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["arenbootk.sbs", "strikebripm.sbs", "ostracizez.sbs", "definitib.sbs", "activedomest.sbs", "offybirhtdi.sbs", "mediavelk.sbs", "elaboretib.sbs"], "Build id": "4SD0y4--MAGISTER"}
SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security
    No Sigma rule has matched
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-11-01T10:22:00.071140+010020283713Unknown Traffic192.168.2.449730104.102.49.254443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-11-01T10:21:59.136713+010020568351Domain Observed Used for C2 Detected192.168.2.4643241.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-11-01T10:21:59.062676+010020568381Domain Observed Used for C2 Detected192.168.2.4611491.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-11-01T10:21:59.108355+010020568441Domain Observed Used for C2 Detected192.168.2.4510051.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-11-01T10:21:59.098384+010020568471Domain Observed Used for C2 Detected192.168.2.4648701.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-11-01T10:21:59.123990+010020568411Domain Observed Used for C2 Detected192.168.2.4641401.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-11-01T10:21:59.147962+010020568321Domain Observed Used for C2 Detected192.168.2.4539841.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-11-01T10:21:59.076356+010020568531Domain Observed Used for C2 Detected192.168.2.4529981.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-11-01T10:21:59.087484+010020568501Domain Observed Used for C2 Detected192.168.2.4643711.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-11-01T10:22:00.753590+010028586661Domain Observed Used for C2 Detected192.168.2.449730104.102.49.254443TCP

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeAvira: detected
    Source: 0.2.SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe.810000.0.unpackMalware Configuration Extractor: LummaC {"C2 url": ["arenbootk.sbs", "strikebripm.sbs", "ostracizez.sbs", "definitib.sbs", "activedomest.sbs", "offybirhtdi.sbs", "mediavelk.sbs", "elaboretib.sbs"], "Build id": "4SD0y4--MAGISTER"}
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeReversingLabs: Detection: 79%
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 98.5% probability
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeJoe Sandbox ML: detected
    Source: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString decryptor: offybirhtdi.sbs
    Source: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString decryptor: activedomest.sbs
    Source: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString decryptor: arenbootk.sbs
    Source: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString decryptor: mediavelk.sbs
    Source: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString decryptor: definitib.sbs
    Source: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString decryptor: elaboretib.sbs
    Source: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString decryptor: strikebripm.sbs
    Source: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString decryptor: ostracizez.sbs
    Source: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString decryptor: arenbootk.sbs
    Source: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--MAGISTER
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-42h]0_2_0081E1A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then jmp eax0_2_0084E210
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+75E07B5Ch]0_2_0081E990
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-0000008Ah]0_2_0081CF90
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then add ecx, eax0_2_0083A083
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-6Ch]0_2_0083A083
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov dword ptr [eax+ebx], 30303030h0_2_00811000
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov dword ptr [eax+ebx], 20202020h0_2_00811000
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+edx]0_2_0084F020
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov esi, dword ptr [esp+1Ch]0_2_0084F020
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov edx, eax0_2_0083702F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then jmp ecx0_2_0082104F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx ebx, byte ptr [esi+ecx+38h]0_2_0082E07E
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov ecx, dword ptr [0085DCFCh]0_2_0084C132
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov esi, ecx0_2_00852165
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then jmp ecx0_2_00838290
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], B62B8D10h0_2_0083D2FD
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov ebx, dword ptr [esp]0_2_0083D2FD
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], B62B8D10h0_2_0083C3A6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+29352E8Dh]0_2_00855330
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov edx, dword ptr [esp+04h]0_2_008114A8
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then jmp ecx0_2_008214CE
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov ebp, edx0_2_008524E0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov edx, dword ptr [esi+64h]0_2_008415DC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then jmp ecx0_2_008535F0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx eax, byte ptr [ebp+ecx-14h]0_2_008535F0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+58h]0_2_00832520
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax]0_2_008336AC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx ebx, byte ptr [esp+eax-3ED06EDAh]0_2_0084C7A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_0083E7B0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov byte ptr [eax], cl0_2_0083F73A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then jmp ecx0_2_00853740
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx eax, byte ptr [ebp+ecx-14h]0_2_00853740
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov byte ptr [eax], cl0_2_00840887
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_00815890
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then add edx, esi0_2_008398F2
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then jmp ecx0_2_008539C0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx eax, byte ptr [ebp+ecx-14h]0_2_008539C0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov ecx, eax0_2_0083F9D0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov dword ptr [esi+10h], edx0_2_0083F9D0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov byte ptr [edi], cl0_2_0083F9D0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov byte ptr [edi], al0_2_0083F9D0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx eax, byte ptr [ebp+ecx-14h]0_2_00853A90
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then and esi, 001FF800h0_2_00814BA0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov dword ptr [esp+04h], ecx0_2_0082FBA0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx eax, byte ptr [esp+edx+6D44C030h]0_2_0083AB20
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then cmp dword ptr [edx+ecx*8], 9ABDB589h0_2_0083AB20
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_00848C80
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+6D44C02Ch]0_2_0084FC90
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov edi, esi0_2_0084BCA9
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then cmp byte ptr [esi+eax], 00000000h0_2_0083ECE0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h0_2_00854C40
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then movzx eax, byte ptr [ebp+ecx-14h]0_2_00853D90
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov word ptr [edx], bp0_2_00831EC5
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov word ptr [ecx], di0_2_00831EC5
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then jmp edx0_2_00818EF0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 4x nop then mov byte ptr [eax], cl0_2_00840F3E

    Networking

    barindex
    Source: Network trafficSuricata IDS: 2056838 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (arenbootk .sbs) : 192.168.2.4:61149 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056853 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ostracizez .sbs) : 192.168.2.4:52998 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056844 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (definitib .sbs) : 192.168.2.4:51005 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056835 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (activedomest .sbs) : 192.168.2.4:64324 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056850 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (strikebripm .sbs) : 192.168.2.4:64371 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056847 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (elaboretib .sbs) : 192.168.2.4:64870 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056841 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mediavelk .sbs) : 192.168.2.4:64140 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056832 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offybirhtdi .sbs) : 192.168.2.4:53984 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 104.102.49.254:443
    Source: Malware configuration extractorURLs: arenbootk.sbs
    Source: Malware configuration extractorURLs: strikebripm.sbs
    Source: Malware configuration extractorURLs: ostracizez.sbs
    Source: Malware configuration extractorURLs: definitib.sbs
    Source: Malware configuration extractorURLs: activedomest.sbs
    Source: Malware configuration extractorURLs: offybirhtdi.sbs
    Source: Malware configuration extractorURLs: mediavelk.sbs
    Source: Malware configuration extractorURLs: elaboretib.sbs
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.102.49.254:443
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693148734.00000000012CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cb3e1a0cb63bea3f237584fc972a7c186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=37a25c73fac7d332a691bded; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type26214Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveFri, 01 Nov 2024 09:22:00 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: arenbootk.sbs
    Source: global trafficDNS traffic detected: DNS query: ostracizez.sbs
    Source: global trafficDNS traffic detected: DNS query: strikebripm.sbs
    Source: global trafficDNS traffic detected: DNS query: elaboretib.sbs
    Source: global trafficDNS traffic detected: DNS query: definitib.sbs
    Source: global trafficDNS traffic detected: DNS query: mediavelk.sbs
    Source: global trafficDNS traffic detected: DNS query: activedomest.sbs
    Source: global trafficDNS traffic detected: DNS query: offybirhtdi.sbs
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1692993562.0000000001292000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1691498755.0000000001292000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=e
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1692993562.0000000001292000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1691498755.0000000001292000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1692993562.0000000001292000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1691498755.0000000001292000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=uDUW
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1692993562.0000000001292000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1691498755.0000000001292000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.0000000001296000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.0000000001296000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900iR
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.00000000012C1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1691544688.00000000012CE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693148734.00000000012CE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.00000000012C1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cb3e1a0cb63bea3f
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00846B70 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,0_2_00846B70
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00846B70 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,0_2_00846B70
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00846D70 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,0_2_00846D70

    System Summary

    barindex
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeStatic PE information: section name: .vmp+
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeStatic PE information: section name: .vmp+
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeStatic PE information: section name: .vmp+
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00D09F73 NtDelayExecution,0_2_00D09F73
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0081E1A00_2_0081E1A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0081F7550_2_0081F755
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0081E9900_2_0081E990
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008170B00_2_008170B0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008330E00_2_008330E0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0082F0E60_2_0082F0E6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008540E00_2_008540E0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0084B0F00_2_0084B0F0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008110000_2_00811000
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008150000_2_00815000
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0082D0100_2_0082D010
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0102019A0_2_0102019A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A050000_2_00A05000
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008360220_2_00836022
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0084F0200_2_0084F020
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0083702F0_2_0083702F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008550400_2_00855040
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0082104F0_2_0082104F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0082E07E0_2_0082E07E
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008F11BF0_2_008F11BF
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008191E90_2_008191E9
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008311000_2_00831100
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0083A1120_2_0083A112
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008831110_2_00883111
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008781470_2_00878147
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0096E1570_2_0096E157
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008521650_2_00852165
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A641410_2_00A64141
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0087116C0_2_0087116C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008382900_2_00838290
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_009082BE0_2_009082BE
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_009322AC0_2_009322AC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00AE42FF0_2_00AE42FF
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A152F30_2_00A152F3
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008112D50_2_008112D5
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A702FC0_2_00A702FC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0083D2FD0_2_0083D2FD
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_009452110_2_00945211
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A0F2260_2_00A0F226
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A0E22F0_2_00A0E22F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00AEC2080_2_00AEC208
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_009C22200_2_009C2220
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A762740_2_00A76274
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0081A2600_2_0081A260
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A542460_2_00A54246
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0083C3A60_2_0083C3A6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008A53B30_2_008A53B3
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A3A3990_2_00A3A399
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0083B3D00_2_0083B3D0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008FD3D20_2_008FD3D2
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008383E20_2_008383E2
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0083E3F00_2_0083E3F0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008113280_2_00811328
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008393280_2_00839328
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008553300_2_00855330
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_009DC3250_2_009DC325
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_009E53490_2_009E5349
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008C53520_2_008C5352
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00C243220_2_00C24322
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00AD43430_2_00AD4343
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0095849A0_2_0095849A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0086949D0_2_0086949D
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008214CE0_2_008214CE
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008524E00_2_008524E0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0088840A0_2_0088840A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_009B145C0_2_009B145C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008204600_2_00820460
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008444610_2_00844461
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A735BC0_2_00A735BC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_009155D90_2_009155D9
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008265D70_2_008265D7
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008415DC0_2_008415DC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_009CBE920_2_009CBE92
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008695E30_2_008695E3
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008535F00_2_008535F0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0095751E0_2_0095751E
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0083A5100_2_0083A510
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_009CE50F0_2_009CE50F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00FCC5610_2_00FCC561
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008325200_2_00832520
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0084A5230_2_0084A523
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0083F5700_2_0083F570
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008E16960_2_008E1696
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_009336F80_2_009336F8
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008F46110_2_008F4611
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008996160_2_00899616
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00AEF6080_2_00AEF608
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A326710_2_00A32671
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00AF77AB0_2_00AF77AB
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0084C7A00_2_0084C7A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0084B7B00_2_0084B7B0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008C87DA0_2_008C87DA
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0082D7F80_2_0082D7F8
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008527000_2_00852700
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A0C70C0_2_00A0C70C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0083F73A0_2_0083F73A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008537400_2_00853740
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008EC77F0_2_008EC77F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008337700_2_00833770
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008408870_2_00840887
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_009C58AD0_2_009C58AD
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A268910_2_00A26891
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008408B10_2_008408B1
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A6C8FE0_2_00A6C8FE
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008398F20_2_008398F2
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0084F8000_2_0084F800
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A2A8020_2_00A2A802
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0082E8370_2_0082E837
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008798410_2_00879841
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008A28600_2_008A2860
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008269970_2_00826997
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008379B00_2_008379B0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0095A9AE0_2_0095A9AE
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008539C00_2_008539C0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0083F9D00_2_0083F9D0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_009419CB0_2_009419CB
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008929E00_2_008929E0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00AE69C30_2_00AE69C3
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008139300_2_00813930
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_009A39200_2_009A3920
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00AED97C0_2_00AED97C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0081DA800_2_0081DA80
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00D10ADA0_2_00D10ADA
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00853A900_2_00853A90
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0089BA9E0_2_0089BA9E
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A35ABF0_2_00A35ABF
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00817AB00_2_00817AB0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_009A7A370_2_009A7A37
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00824A4C0_2_00824A4C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00C43BD60_2_00C43BD6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0082FBA00_2_0082FBA0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00980BB10_2_00980BB1
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00844BC70_2_00844BC7
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0083CBD00_2_0083CBD0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0086EBD50_2_0086EBD5
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00852B100_2_00852B10
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008E2B160_2_008E2B16
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0083AB200_2_0083AB20
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00AF7B600_2_00AF7B60
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00ABEC870_2_00ABEC87
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0084BCA90_2_0084BCA9
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_008A4CCE0_2_008A4CCE
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0083ECE00_2_0083ECE0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00D14CBE0_2_00D14CBE
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00853D900_2_00853D90
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0081ADB00_2_0081ADB0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00816D100_2_00816D10
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_009CBE920_2_009CBE92
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0084AE900_2_0084AE90
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A8BEE80_2_00A8BEE8
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00831EC50_2_00831EC5
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00818EF00_2_00818EF0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A10E390_2_00A10E39
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00843E240_2_00843E24
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00823E450_2_00823E45
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00852FB00_2_00852FB0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00819FF50_2_00819FF5
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0082CFFF0_2_0082CFFF
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A76F370_2_00A76F37
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_009A5F0F0_2_009A5F0F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0102CEA40_2_0102CEA4
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00840F3E0_2_00840F3E
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0081DF600_2_0081DF60
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00849F610_2_00849F61
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: String function: 0081C890 appears 69 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: String function: 0081E190 appears 152 times
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesupportmainfresh_prog.exeL, vs SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000000.1666558485.0000000001095000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesupportmainfresh_prog.exeL, vs SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeBinary or memory string: OriginalFilenamesupportmainfresh_prog.exeL, vs SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@9/1
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00842240 CoCreateInstance,0_2_00842240
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeReversingLabs: Detection: 79%
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeSection loaded: dpapi.dllJump to behavior
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeStatic file information: File size 5952512 > 1048576
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeStatic PE information: Raw size of .vmp+ is bigger than: 0x100000 < 0x581a00
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: initial sampleStatic PE information: section where entry point is pointing to: .vmp+
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeStatic PE information: section name: .vmp+
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeStatic PE information: section name: .vmp+
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeStatic PE information: section name: .vmp+
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0084E650 push eax; mov dword ptr [esp], F4F5F6F7h0_2_0084E65E
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_0089F7D8 push 0000000Dh; ret 0_2_008F5292
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00D14CBE push ebx; iretd 0_2_00B7DCC3
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00869D32 push ebx; retf 0_2_00869D36
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00C74FE0 push ebp; ret 0_2_00C750E4

    Malware Analysis System Evasion

    barindex
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeAPI/Special instruction interceptor: Address: C45AD4
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeAPI/Special instruction interceptor: Address: C3DA53
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeAPI/Special instruction interceptor: Address: 106F62F
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeAPI/Special instruction interceptor: Address: B67272
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeAPI/Special instruction interceptor: Address: 1063D3E
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeAPI/Special instruction interceptor: Address: 1039AFA
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeAPI/Special instruction interceptor: Address: 1058559
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A54246 rdtsc 0_2_00A54246
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe TID: 7440Thread sleep time: -60000s >= -30000sJump to behavior
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.00000000012C1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1692915703.000000000126A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00A54246 rdtsc 0_2_00A54246
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeCode function: 0_2_00850F10 LdrInitializeThunk,0_2_00850F10

    HIPS / PFW / Operating System Protection Evasion

    barindex
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: offybirhtdi.sbs
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: activedomest.sbs
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: arenbootk.sbs
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: mediavelk.sbs
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: definitib.sbs
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: elaboretib.sbs
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: strikebripm.sbs
    Source: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: ostracizez.sbs
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
    PowerShell
    1
    DLL Side-Loading
    1
    DLL Side-Loading
    1
    Virtualization/Sandbox Evasion
    OS Credential Dumping111
    Security Software Discovery
    Remote Services1
    Screen Capture
    11
    Encrypted Channel
    Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts11
    Deobfuscate/Decode Files or Information
    LSASS Memory1
    Virtualization/Sandbox Evasion
    Remote Desktop Protocol1
    Archive Collected Data
    1
    Ingress Tool Transfer
    Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)3
    Obfuscated Files or Information
    Security Account Manager12
    System Information Discovery
    SMB/Windows Admin Shares2
    Clipboard Data
    2
    Non-Application Layer Protocol
    Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
    DLL Side-Loading
    NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture113
    Application Layer Protocol
    Traffic DuplicationData Destruction
    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand
    SourceDetectionScannerLabelLink
    SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe79%ReversingLabsWin32.Adware.RedCap
    SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe100%AviraHEUR/AGEN.1313486
    SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe100%Joe Sandbox ML
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://help.steampowered.com/0%URL Reputationsafe
    https://api.steampowered.com/0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://store.steampowered.com/mobile0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    104.102.49.254
    truetrue
      unknown
      mediavelk.sbs
      unknown
      unknowntrue
        unknown
        activedomest.sbs
        unknown
        unknowntrue
          unknown
          ostracizez.sbs
          unknown
          unknowntrue
            unknown
            definitib.sbs
            unknown
            unknowntrue
              unknown
              strikebripm.sbs
              unknown
              unknowntrue
                unknown
                arenbootk.sbs
                unknown
                unknowntrue
                  unknown
                  offybirhtdi.sbs
                  unknown
                  unknowntrue
                    unknown
                    elaboretib.sbs
                    unknown
                    unknowntrue
                      unknown
                      NameMaliciousAntivirus DetectionReputation
                      strikebripm.sbstrue
                        unknown
                        ostracizez.sbstrue
                          unknown
                          offybirhtdi.sbstrue
                            unknown
                            mediavelk.sbstrue
                              unknown
                              https://steamcommunity.com/profiles/76561199724331900true
                                unknown
                                definitib.sbstrue
                                  unknown
                                  elaboretib.sbstrue
                                    unknown
                                    activedomest.sbstrue
                                      unknown
                                      arenbootk.sbstrue
                                        unknown
                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://steamcommunity.com/my/wishlist/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                          unknown
                                          https://player.vimeo.comSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                            unknown
                                            https://steamcommunity.com/?subsection=broadcastsSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                              unknown
                                              https://help.steampowered.com/en/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcVSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                unknown
                                                https://steamcommunity.com/market/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  unknown
                                                  https://store.steampowered.com/news/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://steamcommunity.com/profiles/76561199724331900iRSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.0000000001296000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    unknown
                                                    https://store.steampowered.com/subscriber_agreement/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    https://www.gstatic.cn/recaptcha/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    http://store.steampowered.com/subscriber_agreement/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1692993562.0000000001292000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1691498755.0000000001292000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      unknown
                                                      https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        unknown
                                                        https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuXSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1692993562.0000000001292000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1691498755.0000000001292000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          unknown
                                                          https://recaptcha.net/recaptcha/;SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpESecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            unknown
                                                            http://www.valvesoftware.com/legal.htmSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            https://steamcommunity.com/discussions/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              unknown
                                                              https://www.youtube.comSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                unknown
                                                                https://www.google.comSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  unknown
                                                                  https://store.steampowered.com/stats/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&amp;l=englisSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    https://medal.tvSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://broadcast.st.dl.eccdnx.comSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&ampSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://store.steampowered.com/steam_refunds/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?vSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=uDUWSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1692993562.0000000001292000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1691498755.0000000001292000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                https://s.ytimg.com;SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  https://steamcommunity.com/workshop/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    https://login.steampowered.com/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://store.steampowered.com/legal/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://steam.tv/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=englSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&amp;SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&amp;l=english&amSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            http://store.steampowered.com/privacy_agreement/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&amp;l=engliSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://store.steampowered.com/points/shop/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://recaptcha.netSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://store.steampowered.com/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&amp;l=eSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  https://steamcommunity.comSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&amp;SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://sketchfab.comSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://lv.queniujq.cnSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://www.youtube.com/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          http://127.0.0.1:27060SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://store.steampowered.com/privacy_agreement/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cb3e1a0cb63bea3fSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.00000000012C1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  https://www.google.com/recaptcha/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://checkout.steampowered.com/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://help.steampowered.com/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://api.steampowered.com/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28bSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1692993562.0000000001292000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1691498755.0000000001292000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      http://store.steampowered.com/account/cookiepreferences/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.0000000001294000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.pngSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      https://store.steampowered.com/mobileSecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      https://steamcommunity.com/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        https://store.steampowered.com/;SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690348149.00000000012C1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1691544688.00000000012CE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693148734.00000000012CE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://store.steampowered.com/about/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000003.1690202682.0000000001301000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://community.cloudflare.steamstatic.com/SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe, 00000000.00000002.1693043322.00000000012C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          • No. of IPs < 25%
                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                          • 75% < No. of IPs
                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                          104.102.49.254
                                                                                                                          steamcommunity.comUnited States
                                                                                                                          16625AKAMAI-ASUStrue
                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                          Analysis ID:1546636
                                                                                                                          Start date and time:2024-11-01 10:21:07 +01:00
                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                          Overall analysis duration:0h 2m 53s
                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                          Report type:full
                                                                                                                          Cookbook file name:default.jbs
                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                          Number of analysed new started processes analysed:1
                                                                                                                          Number of new started drivers analysed:0
                                                                                                                          Number of existing processes analysed:0
                                                                                                                          Number of existing drivers analysed:0
                                                                                                                          Number of injected processes analysed:0
                                                                                                                          Technologies:
                                                                                                                          • HCA enabled
                                                                                                                          • EGA enabled
                                                                                                                          • AMSI enabled
                                                                                                                          Analysis Mode:default
                                                                                                                          Analysis stop reason:Timeout
                                                                                                                          Sample name:SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe
                                                                                                                          Detection:MAL
                                                                                                                          Classification:mal100.troj.evad.winEXE@1/0@9/1
                                                                                                                          EGA Information:
                                                                                                                          • Successful, ratio: 100%
                                                                                                                          HCA Information:
                                                                                                                          • Successful, ratio: 81%
                                                                                                                          • Number of executed functions: 10
                                                                                                                          • Number of non-executed functions: 181
                                                                                                                          Cookbook Comments:
                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                          • Stop behavior analysis, all processes terminated
                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                          • VT rate limit hit for: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe
                                                                                                                          TimeTypeDescription
                                                                                                                          05:21:58API Interceptor2x Sleep call for process: SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe modified
                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                          104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                          • www.valvesoftware.com/legal.htm
                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                          steamcommunity.comHLZwUhcJ28.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          burlar al diablo napoleon hill pdf.exeGet hashmaliciousUnknownBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          burlar al diablo napoleon hill pdf.exeGet hashmaliciousUnknownBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          buNtKcYHCa.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          yt5xqAvHnZ.exeGet hashmaliciousVidarBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          SecuriteInfo.com.Trojan.TR.Redcap.cdtxw.10783.3124.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          9yJSTTEg68.exeGet hashmaliciousVidarBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                          AKAMAI-ASUSfile.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                          • 184.28.90.27
                                                                                                                          file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                          • 23.192.223.231
                                                                                                                          Proposal From Wachler & Associates PC.pdfGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                          • 96.6.168.143
                                                                                                                          file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                          • 104.117.244.112
                                                                                                                          original.emlGet hashmaliciousMamba2FABrowse
                                                                                                                          • 2.19.126.160
                                                                                                                          Fw Message from Kevin - Update on Coles Supply Chain Modernisation 31-10-24.emlGet hashmaliciousUnknownBrowse
                                                                                                                          • 23.201.252.83
                                                                                                                          Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                          • 184.28.89.148
                                                                                                                          http://3d1.gmobb.jp/dcm299ccyag4e/gov/Get hashmaliciousPhisherBrowse
                                                                                                                          • 184.28.88.244
                                                                                                                          https://dzentec-my.sharepoint.com/:u:/g/personal/i_lahmer_entec-dz_com/EdYp5IxQ-uxJivnPAqSzv40BZiCX7sphz7Kj8JDyRBKqpQ?e=wqutC4Get hashmaliciousUnknownBrowse
                                                                                                                          • 23.38.98.83
                                                                                                                          https://onedrive.live.com/view.aspx?resid=8656653D19C3C7C0!s599af221dbfd41b9a607812ebc66d2cf&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy84NjU2NjUzZDE5YzNjN2MwL0VpSHltbG45MjdsQnBnZUJMcnhtMHM4QjRNbHFPTTJWd0ZlQTFNLWNhZ0lnRkE_ZT1aak8wczY&wd=target%28Sezione%20senza%20titolo.one%7C99ad2a4b-5ecc-495f-9ce8-040ac62eb8f2%2F%5BExternal%5D%20-%20Invoice%20%27s%208808-%7C9e6e973e-3cda-429a-a28f-c51dc242e5b1%2F%29&wdorigin=NavigationUrlGet hashmaliciousUnknownBrowse
                                                                                                                          • 184.28.89.164
                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                          a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          E_dekont.cmdGet hashmaliciousDBatLoader, Nitol, PureLog Stealer, XWormBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                          • 104.102.49.254
                                                                                                                          No context
                                                                                                                          No created / dropped files found
                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Entropy (8bit):7.874022549731662
                                                                                                                          TrID:
                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                          File name:SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe
                                                                                                                          File size:5'952'512 bytes
                                                                                                                          MD5:5009b1ef6619eca039925510d4fd51a1
                                                                                                                          SHA1:22626aa57e21291a995615f9f6bba083d8706764
                                                                                                                          SHA256:fbc8c32bf799a005c57540a2e85dd3662ed5795a55f11495f0ba569bbb09df59
                                                                                                                          SHA512:2b5bbd9449be00588058966db487c0adfac764827a6691f6a9fc6c3a770a93bda11c732d2eb2a3c660697cbc69b1c71a2bf76d2957f65cd2599fb28098b24f14
                                                                                                                          SSDEEP:98304:S1DARPEaQuozISL3R0yFmGPwnvYw9iyiqWAWjuQCmtGlSliMhabgxEA:oFzuCII9CniytWjuQTtASl9hasb
                                                                                                                          TLSH:8E5623CA2A97C0A6DAC01478D72BFBF621B25DE28D8A4D373DC178CE7071E75216D462
                                                                                                                          File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............K...........@..........................P........[...@...................................>....
                                                                                                                          Icon Hash:62e8ecb6b6978b17
                                                                                                                          Entrypoint:0x8b0cd4
                                                                                                                          Entrypoint Section:.vmp+
                                                                                                                          Digitally signed:false
                                                                                                                          Imagebase:0x400000
                                                                                                                          Subsystem:windows gui
                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                          Time Stamp:0x6715D353 [Mon Oct 21 04:06:43 2024 UTC]
                                                                                                                          TLS Callbacks:
                                                                                                                          CLR (.Net) Version:
                                                                                                                          OS Version Major:6
                                                                                                                          OS Version Minor:0
                                                                                                                          File Version Major:6
                                                                                                                          File Version Minor:0
                                                                                                                          Subsystem Version Major:6
                                                                                                                          Subsystem Version Minor:0
                                                                                                                          Import Hash:1cb9cfd3ef9cd85ad4551f8f4172969a
                                                                                                                          Instruction
                                                                                                                          push esi
                                                                                                                          pushfd
                                                                                                                          mov esi, A1862BA3h
                                                                                                                          call 00007F4844C7741Bh
                                                                                                                          sub edi, 00000004h
                                                                                                                          mov ecx, 92874782h
                                                                                                                          mov edx, A70EBB07h
                                                                                                                          not ecx
                                                                                                                          mov eax, dword ptr [edi+ecx-6D78B87Dh]
                                                                                                                          xor eax, ebx
                                                                                                                          jmp 00007F4845028413h
                                                                                                                          push 9F15CEA3h
                                                                                                                          lea esp, dword ptr [esp+08h]
                                                                                                                          jmp 00007F4845033A2Dh
                                                                                                                          pop eax
                                                                                                                          adc dx, 2F28h
                                                                                                                          or cl, 0000003Ch
                                                                                                                          xadd word ptr [esp+01h], cx
                                                                                                                          ror ecx, 4Ah
                                                                                                                          xor bx, dx
                                                                                                                          and byte ptr [esp+ecx-54F42EC0h], FFFFFF89h
                                                                                                                          movsx eax, word ptr [esp+ecx-54F42EC0h]
                                                                                                                          mov word ptr [edi+ecx-54F42EC4h], dx
                                                                                                                          shl byte ptr [esp+ecx-54F42EBDh], 00000045h
                                                                                                                          call 00007F4844D317F9h
                                                                                                                          sub eax, ecx
                                                                                                                          sub esi, ecx
                                                                                                                          bsf ecx, edi
                                                                                                                          test dx, si
                                                                                                                          adc dl, 00000006h
                                                                                                                          mov ecx, dword ptr [ebp-38h]
                                                                                                                          mov dx, cx
                                                                                                                          test ax, sp
                                                                                                                          stc
                                                                                                                          shr dx, 0005h
                                                                                                                          cmc
                                                                                                                          sub cx, dx
                                                                                                                          cmp sp, 7CB3h
                                                                                                                          jmp 00007F4844C11EFCh
                                                                                                                          mov ecx, E995ABAAh
                                                                                                                          dec cl
                                                                                                                          mov byte ptr [edx], al
                                                                                                                          mov dword ptr [esp+08h], ecx
                                                                                                                          lea edx, dword ptr [88233ABEh+ecx*4]
                                                                                                                          push edx
                                                                                                                          lea ebp, dword ptr [ebp+edx*2-5CF3D2C8h]
                                                                                                                          mov edx, dword ptr [esp+08h]
                                                                                                                          add edx, FFD26888h
                                                                                                                          jmp edx
                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x3eb9900xa0.vmp+
                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x8860000x2e0cd.rsrc
                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x8850000x65c.reloc
                                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x3020000xdc.vmp+
                                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                                                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                          .text0x10000x449010x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                          .rdata0x460000x253d0x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                          .data0x490000xf3b80x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                          .vmp+0x590000x2a8fa40x0d41d8cd98f00b204e9800998ecf8427eunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                          .vmp+0x3020000x2640x4008c4764afdf27947eae39c99eb090a8e5False0.2099609375data1.453711215340228IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                          .vmp+0x3030000x5819500x581a008e4ba3b1cc83dc7a27badb62ccbc9dfeunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                          .reloc0x8850000x65c0x800df935d7597f073b54073c31f253114a9False0.42578125data3.6185785025126203IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                          .rsrc0x8860000x2e0cd0x2aa00026f49131debc2e51e715022f7899e28False0.6065627291055719data6.357319677385651IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                          IMAGE0x8b087c0xca4dataEnglishUnited States0.03350515463917526
                                                                                                                          RT_ICON0x8865380x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/mEnglishGreat Britain0.38625703564727953
                                                                                                                          RT_ICON0x8875e00x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/mEnglishGreat Britain0.22171705243268777
                                                                                                                          RT_ICON0x88b8080x54d5PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9888106092001657
                                                                                                                          RT_ICON0x890ce00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024EnglishGreat Britain0.7021276595744681
                                                                                                                          RT_ICON0x8911480x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216EnglishGreat Britain0.43692946058091287
                                                                                                                          RT_ICON0x8936f00x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536EnglishGreat Britain0.3110582041878623
                                                                                                                          RT_ICON0x8a3f180xc293PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0005219730581598
                                                                                                                          RT_MENU0x8b15200x50emptyEnglishGreat Britain0
                                                                                                                          RT_STRING0x8b15700x594emptyEnglishGreat Britain0
                                                                                                                          RT_STRING0x8b1b040x68aemptyEnglishGreat Britain0
                                                                                                                          RT_STRING0x8b21900x490emptyEnglishGreat Britain0
                                                                                                                          RT_STRING0x8b26200x5fcemptyEnglishGreat Britain0
                                                                                                                          RT_STRING0x8b2c1c0x65cemptyEnglishGreat Britain0
                                                                                                                          RT_STRING0x8b32780x466emptyEnglishGreat Britain0
                                                                                                                          RT_STRING0x8b36e00x158emptyEnglishGreat Britain0
                                                                                                                          RT_RCDATA0x8b38380x800empty0
                                                                                                                          RT_GROUP_ICON0x8b01ac0x30dataEnglishGreat Britain0.875
                                                                                                                          RT_GROUP_ICON0x8b01dc0x3edataEnglishGreat Britain0.8709677419354839
                                                                                                                          RT_VERSION0x8b021c0x394OpenPGP Secret Key0.40611353711790393
                                                                                                                          RT_MANIFEST0x8b05b00x2caXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5028011204481793
                                                                                                                          None0x8b40380x95emptyEnglishUnited States0
                                                                                                                          DLLImport
                                                                                                                          KERNEL32.dllCopyFileW, ExitProcess, GetCommandLineW, GetCurrentProcessId, GetCurrentThreadId, GetLogicalDrives, GetSystemDirectoryW, GlobalLock, GlobalUnlock
                                                                                                                          SHELL32.dllShellExecuteW
                                                                                                                          USER32.dllCloseClipboard, FindWindowExW, GetClipboardData, GetDC, GetForegroundWindow, GetSystemMetrics, GetWindowLongW, GetWindowThreadProcessId, IsWindowEnabled, IsWindowVisible, OpenClipboard, ReleaseDC
                                                                                                                          ole32.dllCoCreateInstance, CoInitializeEx, CoInitializeSecurity, CoSetProxyBlanket, CoUninitialize
                                                                                                                          OLEAUT32.dllSysAllocString, SysFreeString, VariantClear, VariantInit
                                                                                                                          GDI32.dllBitBlt, CreateCompatibleBitmap, CreateCompatibleDC, DeleteDC, DeleteObject, GetCurrentObject, GetDIBits, GetObjectW, GetPixel, SelectObject, StretchBlt
                                                                                                                          KERNEL32.dllHeapAlloc, HeapFree, ExitProcess, GetModuleHandleA, LoadLibraryA, GetProcAddress
                                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                                          EnglishUnited States
                                                                                                                          EnglishGreat Britain
                                                                                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                          2024-11-01T10:21:59.062676+01002056838ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (arenbootk .sbs)1192.168.2.4611491.1.1.153UDP
                                                                                                                          2024-11-01T10:21:59.076356+01002056853ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ostracizez .sbs)1192.168.2.4529981.1.1.153UDP
                                                                                                                          2024-11-01T10:21:59.087484+01002056850ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (strikebripm .sbs)1192.168.2.4643711.1.1.153UDP
                                                                                                                          2024-11-01T10:21:59.098384+01002056847ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (elaboretib .sbs)1192.168.2.4648701.1.1.153UDP
                                                                                                                          2024-11-01T10:21:59.108355+01002056844ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (definitib .sbs)1192.168.2.4510051.1.1.153UDP
                                                                                                                          2024-11-01T10:21:59.123990+01002056841ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mediavelk .sbs)1192.168.2.4641401.1.1.153UDP
                                                                                                                          2024-11-01T10:21:59.136713+01002056835ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (activedomest .sbs)1192.168.2.4643241.1.1.153UDP
                                                                                                                          2024-11-01T10:21:59.147962+01002056832ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offybirhtdi .sbs)1192.168.2.4539841.1.1.153UDP
                                                                                                                          2024-11-01T10:22:00.071140+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449730104.102.49.254443TCP
                                                                                                                          2024-11-01T10:22:00.753590+01002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.449730104.102.49.254443TCP
                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                          Nov 1, 2024 10:21:59.175430059 CET49730443192.168.2.4104.102.49.254
                                                                                                                          Nov 1, 2024 10:21:59.175483942 CET44349730104.102.49.254192.168.2.4
                                                                                                                          Nov 1, 2024 10:21:59.175556898 CET49730443192.168.2.4104.102.49.254
                                                                                                                          Nov 1, 2024 10:21:59.198457003 CET49730443192.168.2.4104.102.49.254
                                                                                                                          Nov 1, 2024 10:21:59.198476076 CET44349730104.102.49.254192.168.2.4
                                                                                                                          Nov 1, 2024 10:22:00.071055889 CET44349730104.102.49.254192.168.2.4
                                                                                                                          Nov 1, 2024 10:22:00.071140051 CET49730443192.168.2.4104.102.49.254
                                                                                                                          Nov 1, 2024 10:22:00.074722052 CET49730443192.168.2.4104.102.49.254
                                                                                                                          Nov 1, 2024 10:22:00.074729919 CET44349730104.102.49.254192.168.2.4
                                                                                                                          Nov 1, 2024 10:22:00.075171947 CET44349730104.102.49.254192.168.2.4
                                                                                                                          Nov 1, 2024 10:22:00.122576952 CET49730443192.168.2.4104.102.49.254
                                                                                                                          Nov 1, 2024 10:22:00.149719954 CET49730443192.168.2.4104.102.49.254
                                                                                                                          Nov 1, 2024 10:22:00.191339970 CET44349730104.102.49.254192.168.2.4
                                                                                                                          Nov 1, 2024 10:22:00.753829002 CET44349730104.102.49.254192.168.2.4
                                                                                                                          Nov 1, 2024 10:22:00.753882885 CET44349730104.102.49.254192.168.2.4
                                                                                                                          Nov 1, 2024 10:22:00.753925085 CET44349730104.102.49.254192.168.2.4
                                                                                                                          Nov 1, 2024 10:22:00.753922939 CET49730443192.168.2.4104.102.49.254
                                                                                                                          Nov 1, 2024 10:22:00.753962040 CET44349730104.102.49.254192.168.2.4
                                                                                                                          Nov 1, 2024 10:22:00.753962994 CET49730443192.168.2.4104.102.49.254
                                                                                                                          Nov 1, 2024 10:22:00.753979921 CET49730443192.168.2.4104.102.49.254
                                                                                                                          Nov 1, 2024 10:22:00.753989935 CET44349730104.102.49.254192.168.2.4
                                                                                                                          Nov 1, 2024 10:22:00.754000902 CET49730443192.168.2.4104.102.49.254
                                                                                                                          Nov 1, 2024 10:22:00.754007101 CET44349730104.102.49.254192.168.2.4
                                                                                                                          Nov 1, 2024 10:22:00.754033089 CET49730443192.168.2.4104.102.49.254
                                                                                                                          Nov 1, 2024 10:22:00.754048109 CET49730443192.168.2.4104.102.49.254
                                                                                                                          Nov 1, 2024 10:22:00.762202024 CET44349730104.102.49.254192.168.2.4
                                                                                                                          Nov 1, 2024 10:22:00.762244940 CET44349730104.102.49.254192.168.2.4
                                                                                                                          Nov 1, 2024 10:22:00.762370110 CET44349730104.102.49.254192.168.2.4
                                                                                                                          Nov 1, 2024 10:22:00.762577057 CET49730443192.168.2.4104.102.49.254
                                                                                                                          Nov 1, 2024 10:22:00.814212084 CET49730443192.168.2.4104.102.49.254
                                                                                                                          Nov 1, 2024 10:22:00.814225912 CET44349730104.102.49.254192.168.2.4
                                                                                                                          Nov 1, 2024 10:22:00.814260006 CET49730443192.168.2.4104.102.49.254
                                                                                                                          Nov 1, 2024 10:22:00.814265966 CET44349730104.102.49.254192.168.2.4
                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                          Nov 1, 2024 10:21:59.062675953 CET6114953192.168.2.41.1.1.1
                                                                                                                          Nov 1, 2024 10:21:59.071799040 CET53611491.1.1.1192.168.2.4
                                                                                                                          Nov 1, 2024 10:21:59.076355934 CET5299853192.168.2.41.1.1.1
                                                                                                                          Nov 1, 2024 10:21:59.085136890 CET53529981.1.1.1192.168.2.4
                                                                                                                          Nov 1, 2024 10:21:59.087483883 CET6437153192.168.2.41.1.1.1
                                                                                                                          Nov 1, 2024 10:21:59.097279072 CET53643711.1.1.1192.168.2.4
                                                                                                                          Nov 1, 2024 10:21:59.098383904 CET6487053192.168.2.41.1.1.1
                                                                                                                          Nov 1, 2024 10:21:59.107064009 CET53648701.1.1.1192.168.2.4
                                                                                                                          Nov 1, 2024 10:21:59.108355045 CET5100553192.168.2.41.1.1.1
                                                                                                                          Nov 1, 2024 10:21:59.121588945 CET53510051.1.1.1192.168.2.4
                                                                                                                          Nov 1, 2024 10:21:59.123990059 CET6414053192.168.2.41.1.1.1
                                                                                                                          Nov 1, 2024 10:21:59.133230925 CET53641401.1.1.1192.168.2.4
                                                                                                                          Nov 1, 2024 10:21:59.136713028 CET6432453192.168.2.41.1.1.1
                                                                                                                          Nov 1, 2024 10:21:59.145760059 CET53643241.1.1.1192.168.2.4
                                                                                                                          Nov 1, 2024 10:21:59.147962093 CET5398453192.168.2.41.1.1.1
                                                                                                                          Nov 1, 2024 10:21:59.157310963 CET53539841.1.1.1192.168.2.4
                                                                                                                          Nov 1, 2024 10:21:59.159074068 CET5689753192.168.2.41.1.1.1
                                                                                                                          Nov 1, 2024 10:21:59.166723013 CET53568971.1.1.1192.168.2.4
                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                          Nov 1, 2024 10:21:59.062675953 CET192.168.2.41.1.1.10x4204Standard query (0)arenbootk.sbsA (IP address)IN (0x0001)false
                                                                                                                          Nov 1, 2024 10:21:59.076355934 CET192.168.2.41.1.1.10x9b47Standard query (0)ostracizez.sbsA (IP address)IN (0x0001)false
                                                                                                                          Nov 1, 2024 10:21:59.087483883 CET192.168.2.41.1.1.10xcab5Standard query (0)strikebripm.sbsA (IP address)IN (0x0001)false
                                                                                                                          Nov 1, 2024 10:21:59.098383904 CET192.168.2.41.1.1.10xade5Standard query (0)elaboretib.sbsA (IP address)IN (0x0001)false
                                                                                                                          Nov 1, 2024 10:21:59.108355045 CET192.168.2.41.1.1.10xab66Standard query (0)definitib.sbsA (IP address)IN (0x0001)false
                                                                                                                          Nov 1, 2024 10:21:59.123990059 CET192.168.2.41.1.1.10xcdf5Standard query (0)mediavelk.sbsA (IP address)IN (0x0001)false
                                                                                                                          Nov 1, 2024 10:21:59.136713028 CET192.168.2.41.1.1.10x7a27Standard query (0)activedomest.sbsA (IP address)IN (0x0001)false
                                                                                                                          Nov 1, 2024 10:21:59.147962093 CET192.168.2.41.1.1.10x1b34Standard query (0)offybirhtdi.sbsA (IP address)IN (0x0001)false
                                                                                                                          Nov 1, 2024 10:21:59.159074068 CET192.168.2.41.1.1.10xd192Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                          Nov 1, 2024 10:21:59.071799040 CET1.1.1.1192.168.2.40x4204Name error (3)arenbootk.sbsnonenoneA (IP address)IN (0x0001)false
                                                                                                                          Nov 1, 2024 10:21:59.085136890 CET1.1.1.1192.168.2.40x9b47Name error (3)ostracizez.sbsnonenoneA (IP address)IN (0x0001)false
                                                                                                                          Nov 1, 2024 10:21:59.097279072 CET1.1.1.1192.168.2.40xcab5Name error (3)strikebripm.sbsnonenoneA (IP address)IN (0x0001)false
                                                                                                                          Nov 1, 2024 10:21:59.107064009 CET1.1.1.1192.168.2.40xade5Name error (3)elaboretib.sbsnonenoneA (IP address)IN (0x0001)false
                                                                                                                          Nov 1, 2024 10:21:59.121588945 CET1.1.1.1192.168.2.40xab66Name error (3)definitib.sbsnonenoneA (IP address)IN (0x0001)false
                                                                                                                          Nov 1, 2024 10:21:59.133230925 CET1.1.1.1192.168.2.40xcdf5Name error (3)mediavelk.sbsnonenoneA (IP address)IN (0x0001)false
                                                                                                                          Nov 1, 2024 10:21:59.145760059 CET1.1.1.1192.168.2.40x7a27Name error (3)activedomest.sbsnonenoneA (IP address)IN (0x0001)false
                                                                                                                          Nov 1, 2024 10:21:59.157310963 CET1.1.1.1192.168.2.40x1b34Name error (3)offybirhtdi.sbsnonenoneA (IP address)IN (0x0001)false
                                                                                                                          Nov 1, 2024 10:21:59.166723013 CET1.1.1.1192.168.2.40xd192No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                                                                                          • steamcommunity.com
                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          0192.168.2.449730104.102.49.2544437420C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          2024-11-01 09:22:00 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                          Host: steamcommunity.com
                                                                                                                          2024-11-01 09:22:00 UTC1917INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                          Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Date: Fri, 01 Nov 2024 09:22:00 GMT
                                                                                                                          Content-Length: 26214
                                                                                                                          Connection: close
                                                                                                                          Set-Cookie: sessionid=37a25c73fac7d332a691bded; Path=/; Secure; SameSite=None
                                                                                                                          Set-Cookie: steamCountry=US%7Cb3e1a0cb63bea3f237584fc972a7c186; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                          2024-11-01 09:22:00 UTC14467INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                          Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                          2024-11-01 09:22:00 UTC11747INData Raw: 22 3f 6c 3d 74 63 68 69 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 63 68 69 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e7 b9 81 e9 ab 94 e4 b8 ad e6 96 87 20 28 54 72 61 64 69 74 69 6f 6e 61 6c 20 43 68 69 6e 65 73 65 29 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 6a 61 70 61 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6a 61 70 61 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e6 97 a5 e6 9c ac e8 aa 9e 20 28 4a
                                                                                                                          Data Ascii: "?l=tchinese" onclick="ChangeLanguage( 'tchinese' ); return false;"> (Traditional Chinese)</a><a class="popup_menu_item tight" href="?l=japanese" onclick="ChangeLanguage( 'japanese' ); return false;"> (J


                                                                                                                          Click to jump to process

                                                                                                                          Click to jump to process

                                                                                                                          Target ID:0
                                                                                                                          Start time:05:21:57
                                                                                                                          Start date:01/11/2024
                                                                                                                          Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.775.32093.2339.exe"
                                                                                                                          Imagebase:0x810000
                                                                                                                          File size:5'952'512 bytes
                                                                                                                          MD5 hash:5009B1EF6619ECA039925510D4FD51A1
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:low
                                                                                                                          Has exited:true

                                                                                                                          Reset < >

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:1.3%
                                                                                                                            Dynamic/Decrypted Code Coverage:1.1%
                                                                                                                            Signature Coverage:44.8%
                                                                                                                            Total number of Nodes:87
                                                                                                                            Total number of Limit Nodes:9
                                                                                                                            execution_graph 24228 850e25 24229 850e41 RtlReAllocateHeap 24228->24229 24230 850ee0 24228->24230 24231 850e33 24228->24231 24232 850ee8 24228->24232 24235 850ee6 24229->24235 24237 84e1b0 24230->24237 24231->24229 24231->24232 24240 84e210 24232->24240 24238 84e1d0 24237->24238 24238->24238 24239 84e1f8 RtlAllocateHeap 24238->24239 24239->24235 24241 84e2b0 24240->24241 24242 84e228 RtlFreeHeap 24240->24242 24241->24235 24242->24241 24244 8511e1 24245 8511e0 24244->24245 24245->24244 24247 8511ee 24245->24247 24250 850f10 LdrInitializeThunk 24245->24250 24249 850f10 LdrInitializeThunk 24247->24249 24249->24247 24250->24247 24251 854520 24252 854540 24251->24252 24253 85467e 24252->24253 24255 850f10 LdrInitializeThunk 24252->24255 24255->24253 24256 85154c 24257 851580 24256->24257 24257->24257 24260 850f10 LdrInitializeThunk 24257->24260 24259 8515f4 24260->24259 24261 81feea 24262 82004d 24261->24262 24264 81feff 24261->24264 24263 84e210 RtlFreeHeap 24262->24263 24262->24264 24263->24264 24265 851848 GetForegroundWindow 24269 854320 24265->24269 24267 851854 GetForegroundWindow 24268 85186c 24267->24268 24270 854330 24269->24270 24270->24267 24271 8518a8 24273 851891 24271->24273 24272 851c88 24273->24271 24273->24272 24275 850f10 LdrInitializeThunk 24273->24275 24275->24272 24276 81cf90 24277 81cfb0 24276->24277 24277->24277 24278 81d1c4 ExitProcess 24277->24278 24279 81cff2 GetCurrentThreadId 24277->24279 24280 81d1ba 24277->24280 24284 81d0b0 24279->24284 24280->24278 24281 81d19c GetForegroundWindow 24282 81d1a6 GetCurrentProcessId 24281->24282 24283 81d1ac 24281->24283 24282->24283 24289 81e1a0 24283->24289 24284->24281 24284->24284 24287 81d183 ShellExecuteW 24284->24287 24287->24281 24290 81e1c0 24289->24290 24293 81e485 24290->24293 24297 81d1b1 24290->24297 24299 81e990 24290->24299 24291 81e860 24296 84e210 RtlFreeHeap 24291->24296 24291->24297 24292 81e8b6 24295 81e990 RtlFreeHeap 24292->24295 24293->24291 24293->24292 24293->24297 24295->24297 24296->24297 24297->24280 24298 820b90 CoInitializeEx 24297->24298 24303 81ec03 24299->24303 24300 81efb4 24300->24290 24301 81f12f 24302 84e210 RtlFreeHeap 24301->24302 24302->24300 24303->24300 24303->24301 24304 81e990 RtlFreeHeap 24303->24304 24304->24301 24305 c88139 24308 b13086 24305->24308 24309 c1f45c 24308->24309 24310 c48a4a 24309->24310 24312 d09f73 NtDelayExecution 24309->24312 24312->24309 24313 851336 24314 851360 24313->24314 24315 8513ae 24314->24315 24319 850f10 LdrInitializeThunk 24314->24319 24315->24315 24318 850f10 LdrInitializeThunk 24315->24318 24318->24315 24319->24315 24320 854950 24321 854970 24320->24321 24321->24321 24324 8549ce 24321->24324 24326 850f10 LdrInitializeThunk 24321->24326 24322 854a7e 24324->24322 24327 850f10 LdrInitializeThunk 24324->24327 24326->24324 24327->24322 24328 84ac5f 24331 84ac80 24328->24331 24329 84acf2 24331->24329 24332 850f10 LdrInitializeThunk 24331->24332 24332->24331 24333 8515fe 24334 851630 24333->24334 24337 850f10 LdrInitializeThunk 24334->24337 24336 851717 24337->24336

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 0 81e1a0-81e1bf 1 81e1c0-81e1ef 0->1 1->1 2 81e1f1-81e22f 1->2 3 81e230-81e263 2->3 3->3 4 81e265-81e27d call 84fc50 3->4 8 81e3e0 4->8 9 81e3c0-81e3c5 4->9 10 81e3e2-81e3ea 4->10 11 81e602-81e64f 4->11 12 81e485-81e491 4->12 13 81e284-81e286 4->13 14 81e449-81e456 4->14 15 81e28b-81e3be call 853a90 * 12 4->15 16 81e3cc-81e3d4 4->16 17 81e5ee-81e5f2 4->17 18 81e3f1-81e415 call 84c620 call 81e990 4->18 19 81e430-81e436 call 81ec20 4->19 20 81e5f7 4->20 21 81e498-81e59f 4->21 22 81e5fc 4->22 23 81e43f-81e442 4->23 24 81e41e-81e427 call 81ec20 4->24 8->10 9->11 9->12 9->16 9->17 9->20 9->21 9->22 25 81e740 9->25 26 81e742-81e749 9->26 27 81e736-81e73b 9->27 28 81e66f-81e6bf 9->28 10->9 10->11 10->12 10->14 10->16 10->17 10->18 10->19 10->20 10->21 10->22 10->23 10->24 10->25 10->26 10->27 10->28 29 81e650-81e66d 11->29 12->11 12->17 12->20 12->21 12->22 12->25 12->26 12->27 12->28 31 81e97b-81e986 13->31 35 81e471-81e47e 14->35 36 81e458-81e45a 14->36 15->8 16->8 38 81e976-81e978 17->38 18->24 19->23 20->22 37 81e5a0-81e5cf 21->37 23->9 23->11 23->12 23->14 23->16 23->17 23->20 23->21 23->22 23->25 23->26 23->27 23->28 24->19 44 81e750-81e771 26->44 45 81e810-81e818 26->45 46 81e850 26->46 47 81e860-81e878 26->47 48 81e962-81e974 call 84e210 26->48 49 81e952-81e957 26->49 50 81e852-81e859 26->50 51 81e8b6-81e8d4 call 81e990 26->51 27->25 39 81e6c0-81e6dd 28->39 29->28 29->29 35->11 35->12 35->16 35->17 35->20 35->21 35->22 35->25 35->26 35->27 35->28 52 81e460-81e46f 36->52 37->37 53 81e5d1-81e5dc call 81f190 37->53 38->31 39->39 55 81e6df-81e6ea 39->55 66 81e780-81e7c3 44->66 54 81e820-81e82a 45->54 47->48 47->49 57 81e840-81e84f 47->57 58 81e890 47->58 59 81e950 47->59 60 81e960 47->60 61 81e892-81e8b4 47->61 62 81e87f-81e882 47->62 48->38 49->60 50->47 50->51 51->59 52->35 52->52 76 81e5e1-81e5e7 53->76 54->54 68 81e82c-81e83e 54->68 69 81e720 55->69 70 81e6ec-81e6f0 55->70 57->46 59->49 61->57 62->58 66->66 75 81e7c5-81e7ce 66->75 68->46 81 81e728 69->81 77 81e707-81e70b 70->77 79 81e7d0-81e7da 75->79 80 81e802-81e809 75->80 76->11 76->17 76->22 76->25 76->26 76->27 76->28 76->44 76->45 76->46 76->47 76->48 76->49 76->50 76->51 77->81 82 81e70d-81e714 77->82 84 81e7e7-81e7eb 79->84 80->45 80->46 80->47 80->49 80->50 80->51 93 81e730 81->93 85 81e716-81e718 82->85 86 81e71a 82->86 88 81e800 84->88 89 81e7ed-81e7f4 84->89 85->86 90 81e700-81e705 86->90 91 81e71c-81e71e 86->91 88->80 94 81e7f6-81e7f8 89->94 95 81e7fa 89->95 90->77 90->93 91->90 93->27 94->95 97 81e7e0-81e7e5 95->97 98 81e7fc-81e7fe 95->98 97->80 97->84 98->97
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: &A-C$5Q<S$6$6E+G$7U9W$8]S_$<Y?[$>M"O$E-A/$Ehrd$I)^+$M%E'$O9M;$P!N#$dc$eI?K$i[k]$jabc
                                                                                                                            • API String ID: 0-2281983721
                                                                                                                            • Opcode ID: e57993c547228d5bae70365a8007149b7837d11d4d9d4832b4317739d099a66f
                                                                                                                            • Instruction ID: 99c7ea950ffbf78ad219b1c1eda104a6d65725ed3fc4ce0e0a1f4d4999e63f7f
                                                                                                                            • Opcode Fuzzy Hash: e57993c547228d5bae70365a8007149b7837d11d4d9d4832b4317739d099a66f
                                                                                                                            • Instruction Fuzzy Hash: 7302E575908351CFD310CF25EC826ABBBE6FF85305F18492CE9C59B352E73989498B92

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 114 81e990-81ec51 117 81ec60-81eca2 114->117 117->117 118 81eca4-81ed9f 117->118 119 81eda0-81eda8 118->119 119->119 120 81edaa-81eddf 119->120 121 81ede0-81ee1f 120->121 121->121 122 81ee21-81ee46 call 81fa80 121->122 124 81ee4b-81ee50 122->124 125 81efb4-81efb6 124->125 126 81ee56-81ee79 124->126 127 81f13a-81f146 125->127 128 81ee80-81eed2 126->128 128->128 129 81eed4-81eef5 128->129 131 81f131-81f137 call 84e210 129->131 132 81eefb-81ef1f 129->132 131->127 134 81ef20-81ef67 132->134 134->134 136 81ef69-81ef79 134->136 136->125 137 81efbb-81efbd 136->137 138 81efc3-81efff 137->138 139 81f12f 137->139 140 81f000-81f025 138->140 139->131 140->140 141 81f027-81f076 140->141 141->139 143 81f07c-81f099 141->143 144 81f0a0-81f0ba 143->144 144->144 145 81f0bc-81f11f call 81e990 144->145 145->139
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: &A-C$5Q<S$6$6E+G$7U9W$8]S_$<Y?[$>M"O$E-A/$I)^+$M%E'$O9M;$P!N#$dc$eI?K$jabc
                                                                                                                            • API String ID: 0-600622405
                                                                                                                            • Opcode ID: ef139196660dc68dae18393cca78a8ed623945de625cf5433b6a91dce192c771
                                                                                                                            • Instruction ID: 4519474f5025dfd5e03180ced7598d61b276310b79e3108cabad29f6cc7c3dda
                                                                                                                            • Opcode Fuzzy Hash: ef139196660dc68dae18393cca78a8ed623945de625cf5433b6a91dce192c771
                                                                                                                            • Instruction Fuzzy Hash: F0C1E07160C3958FD320CF65D89079BBBE1EFD1354F18892DE4D48B392D379894A8B92

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 149 81cf90-81cfaf 150 81cfb0-81cfd3 149->150 150->150 151 81cfd5-81cfdf call 84ff20 150->151 154 81cfe5-81cfec call 848d10 151->154 155 81d1c4-81d1c6 ExitProcess 151->155 158 81cff2-81d0a5 GetCurrentThreadId 154->158 159 81d1bf call 850de0 154->159 160 81d0b0-81d0c2 158->160 159->155 160->160 162 81d0c4-81d0c7 160->162 163 81d0cd-81d101 162->163 164 81d19c-81d1a4 GetForegroundWindow 162->164 167 81d110-81d12d 163->167 165 81d1a6 GetCurrentProcessId 164->165 166 81d1ac call 81e1a0 164->166 165->166 170 81d1b1-81d1b3 166->170 167->167 169 81d12f-81d158 167->169 171 81d160-81d181 169->171 170->159 172 81d1b5-81d1ba call 820b90 call 81fa70 170->172 171->171 173 81d183-81d196 ShellExecuteW 171->173 172->159 173->164
                                                                                                                            APIs
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0081D096
                                                                                                                            • ShellExecuteW.SHELL32(00000000,?,00858050,?,00000000,00000005), ref: 0081D196
                                                                                                                            • GetForegroundWindow.USER32(?,00000000,00000005), ref: 0081D19C
                                                                                                                            • GetCurrentProcessId.KERNEL32(?,00000000,00000005), ref: 0081D1A6
                                                                                                                            • ExitProcess.KERNEL32 ref: 0081D1C6
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentProcess$ExecuteExitForegroundShellThreadWindow
                                                                                                                            • String ID: 89
                                                                                                                            • API String ID: 1013327911-155395596
                                                                                                                            • Opcode ID: 681f929ef97f11bd8404d22dc6c8e389543463239dd534bf33336ad4ec37406b
                                                                                                                            • Instruction ID: e64d3be15b90775cbdcec9e14aea725bdf049d34e0ee980e697b929427552076
                                                                                                                            • Opcode Fuzzy Hash: 681f929ef97f11bd8404d22dc6c8e389543463239dd534bf33336ad4ec37406b
                                                                                                                            • Instruction Fuzzy Hash: 6E5159716487205BE318AB349C563AFBBD5FF82315F08892DD9C2EB2C2DD6D88054782

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 177 81f755-81f75a 178 81f801-81f805 177->178 179 81f900-81f913 177->179 180 81f9c0 177->180 181 81f9c2-81f9e5 177->181 182 81f945 177->182 183 81f80a-81f816 177->183 184 81f94d-81f956 177->184 185 81f98c-81f992 call 850e00 177->185 186 81f790-81f79c call 81c7e0 177->186 187 81fa10 177->187 188 81fa50-81fa52 177->188 189 81fa16-81fa1f 177->189 190 81f919-81f925 177->190 191 81fa5a-81fa66 177->191 192 81f81d-81f824 177->192 193 81f761-81f765 177->193 194 81f7a0-81f7fa 177->194 195 81f960-81f964 177->195 196 81fa20 177->196 197 81f8e5 177->197 198 81f826-81f837 177->198 199 81f9a8-81f9bf 177->199 200 81f76a-81f785 177->200 201 81f8ed-81f8f9 177->201 202 81f92c-81f93e 177->202 203 81f9ec-81f9f1 177->203 204 81fa2f 177->204 205 81f973-81f985 177->205 206 81f9f8 177->206 207 81f9fe-81fa0b 177->207 213 81fa38 178->213 179->190 180->181 181->187 181->188 181->189 181->191 181->196 181->203 181->204 181->206 208 81fcb0-81feb8 181->208 209 81fa92-81fc72 181->209 182->184 183->179 183->180 183->181 183->182 183->184 183->185 183->187 183->188 183->189 183->190 183->191 183->192 183->195 183->196 183->197 183->198 183->199 183->201 183->202 183->203 183->204 183->205 183->206 183->207 184->195 226 81f997-81f9a1 185->226 186->194 188->191 189->196 190->180 190->181 190->182 190->184 190->185 190->187 190->188 190->189 190->191 190->195 190->196 190->199 190->202 190->203 190->204 190->205 190->206 190->207 190->208 190->209 214 81f873-81f89f 192->214 210 81fa41-81fa47 193->210 194->178 194->179 194->180 194->181 194->182 194->183 194->184 194->185 194->187 194->188 194->189 194->190 194->191 194->192 194->195 194->196 194->197 194->198 194->199 194->201 194->202 194->203 194->204 194->205 194->206 194->207 223 81f96d 195->223 220 81fa29 196->220 197->201 215 81f840-81f86b 198->215 199->180 200->186 201->179 202->180 202->181 202->182 202->184 202->185 202->187 202->188 202->189 202->191 202->195 202->196 202->199 202->203 202->204 202->205 202->206 202->207 202->208 202->209 203->187 203->188 203->189 203->191 203->196 203->204 203->206 203->208 203->209 204->213 205->180 205->181 205->185 205->187 205->188 205->189 205->191 205->196 205->199 205->203 205->204 205->206 205->208 205->209 207->195 227 81fec0-81fed5 208->227 225 81fc80-81fc95 209->225 210->188 213->210 229 81f8a0-81f8bd 214->229 215->215 228 81f86d-81f870 215->228 220->204 223->205 225->225 231 81fc97-81fca2 225->231 226->180 226->181 226->187 226->188 226->189 226->191 226->196 226->199 226->203 226->204 226->206 226->208 226->209 227->227 232 81fed7-81fedf 227->232 228->214 229->229 233 81f8bf-81f8de 229->233 231->208 235 81fee2 232->235 233->179 233->180 233->181 233->182 233->184 233->185 233->187 233->188 233->189 233->190 233->191 233->195 233->196 233->197 233->199 233->201 233->202 233->203 233->204 233->205 233->206 233->207 233->208 233->209 235->235
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 5c;e$>kjm$A'K)$Jg3i$S;W=$i#E%
                                                                                                                            • API String ID: 0-468034204
                                                                                                                            • Opcode ID: 00fb2b6b6430fe917929a1ecad06529ca179a3afe94771ce0a2ae94d03e64f54
                                                                                                                            • Instruction ID: 20ae92728f74149d17d35c28f2ed5c2f7c557930f71d9112d766f6cdbbc8afb8
                                                                                                                            • Opcode Fuzzy Hash: 00fb2b6b6430fe917929a1ecad06529ca179a3afe94771ce0a2ae94d03e64f54
                                                                                                                            • Instruction Fuzzy Hash: E81285B4114700CFE3248F25D889FAABBB1FB45321F1A86ACD59A9F6B2D7749405CF42

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 305 84e210-84e221 306 84e2b0 305->306 307 84e2b2-84e2b8 305->307 308 84e228-84e239 305->308 306->307 309 84e240-84e293 308->309 309->309 310 84e295-84e2af RtlFreeHeap 309->310 310->306
                                                                                                                            APIs
                                                                                                                            • RtlFreeHeap.NTDLL(?,00000000,?), ref: 0084E2A1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3298025750-0
                                                                                                                            • Opcode ID: 8461057dea4a0a9e789e4cc2ea53ec919e5ece07e408a32a7afbdb7c35314365
                                                                                                                            • Instruction ID: bdead01b300a1259723c58d9b7b58060a681a062c3f92c0f48f57278a8f30223
                                                                                                                            • Opcode Fuzzy Hash: 8461057dea4a0a9e789e4cc2ea53ec919e5ece07e408a32a7afbdb7c35314365
                                                                                                                            • Instruction Fuzzy Hash: EB116677E452208FC3148F28DCA2757BB6AFBCA712F1A053DDC849B680CA385906CBD1

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 314 d09f73-d09fc6 NtDelayExecution
                                                                                                                            APIs
                                                                                                                            • NtDelayExecution.NTDLL(0229EE29,00C1F46B,00C88143,9C2270B5,00FC6851,-23D1C6D8,00C63984,00BF9E50,19122212,2F93E81B,00C2A8E0,000000E0,?,74070D9F,42B0C93A,0104A8B6), ref: 00D09F7C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: DelayExecution
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1249177460-0
                                                                                                                            • Opcode ID: fb9335dd4885cf5d61e025cfbe5bdc1a5acb7c1c2f63a563db71b9f4c9e748ad
                                                                                                                            • Instruction ID: 77ae262de45022ac4340a4e8aba9ca0a100fd2789e1e395fe41d26ea68a2106b
                                                                                                                            • Opcode Fuzzy Hash: fb9335dd4885cf5d61e025cfbe5bdc1a5acb7c1c2f63a563db71b9f4c9e748ad
                                                                                                                            • Instruction Fuzzy Hash: 1DE03931B083528BC7A8EA25E74004EB7D0AAE4232F22493EE4C2532C4DA265D15AF53

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 315 850f10-850f42 LdrInitializeThunk
                                                                                                                            APIs
                                                                                                                            • LdrInitializeThunk.NTDLL(008546AD,005C003F,00000006,?,?,00000018,?,?,?), ref: 00850F3E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                            • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                            • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                            • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            • GetForegroundWindow.USER32 ref: 00851848
                                                                                                                            • GetForegroundWindow.USER32 ref: 00851860
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ForegroundWindow
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2020703349-0
                                                                                                                            • Opcode ID: 74f0c19085859b4057dd612fef88ded580caf715ef9845d0ebd89f16c7bd79cc
                                                                                                                            • Instruction ID: 3a02cfbde8100047e8b4a04b1651a81796cd262d3a40c65f7e459ab704a57368
                                                                                                                            • Opcode Fuzzy Hash: 74f0c19085859b4057dd612fef88ded580caf715ef9845d0ebd89f16c7bd79cc
                                                                                                                            • Instruction Fuzzy Hash: EDD0A775581610978B0CD730BC2586B3626FB4530B718401AE90341326EE28230B8783

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 293 850e25-850e2c 294 850e41-850e51 293->294 295 850ee0-850ee1 call 84e1b0 293->295 296 850e33-850e3a 293->296 297 850ee8-850ef1 call 84e210 293->297 300 850e60-850ec6 294->300 301 850ee6 295->301 296->294 296->297 304 850ef3-850efa 297->304 300->300 303 850ec8-850ede RtlReAllocateHeap 300->303 301->304 303->304
                                                                                                                            APIs
                                                                                                                            • RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00850ED8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1279760036-0
                                                                                                                            • Opcode ID: 3ee8239beb4e3df15ec347665f83df87e30d704da0969881f65cad39087dd20f
                                                                                                                            • Instruction ID: 823858587f25b6bb24534363a91d2bca63e87101d8b4659b884450e08fe4cba1
                                                                                                                            • Opcode Fuzzy Hash: 3ee8239beb4e3df15ec347665f83df87e30d704da0969881f65cad39087dd20f
                                                                                                                            • Instruction Fuzzy Hash: F3117D33F501268BCF1D8F78EC626AD7754FB08324B0907B9E916E7341EA78DA048780

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 311 84e1b0-84e1cb 312 84e1d0-84e1f6 311->312 312->312 313 84e1f8-84e20e RtlAllocateHeap 312->313
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 0084E204
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1279760036-0
                                                                                                                            • Opcode ID: 1952d48a489ac483a0ec592cc1feea00ddd78aa085bad363e8d1ea9c908ac2fc
                                                                                                                            • Instruction ID: 6e82ad4eca5937e9a776d712813b76bdaa75930914160948c06bb07d5233c1c5
                                                                                                                            • Opcode Fuzzy Hash: 1952d48a489ac483a0ec592cc1feea00ddd78aa085bad363e8d1ea9c908ac2fc
                                                                                                                            • Instruction Fuzzy Hash: 5FF0E97429D3405BD7088B10ECA17197FA6ABE1305F08487EE4D507391C27A181DD777
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ($+$-$/$0$1$2$3$4$8$8$9$9$;$<$=$>$?$?$@$A$B$C$E$G$H$I$K$M$O$Q$S$S$U$W$Y$[$\$]$_$a$c$e$g$i$k$m$o$q$s$u$w$x$y${$|$|$}
                                                                                                                            • API String ID: 0-901420310
                                                                                                                            • Opcode ID: b57507b9fe23095618604d3d4150443d04437ee203acf5e774a622d0c56fb4ce
                                                                                                                            • Instruction ID: 5d3a7409b4bd63a9bc07dc890bd2da79ea3a1b89eb22c9b5123f584bb6fe7bd2
                                                                                                                            • Opcode Fuzzy Hash: b57507b9fe23095618604d3d4150443d04437ee203acf5e774a622d0c56fb4ce
                                                                                                                            • Instruction Fuzzy Hash: 322250219087E989DB36C67C8C487DDBEA15B67324F0843D9D1E96B2D2C3B50B85CB62
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: !$#$$$%$'$)$+$-$/$0$1$3$4$5$7$9$;$<$=$>$?$@$A$E$E$G$H$M$X$Y$[$h$r$s$t
                                                                                                                            • API String ID: 0-3672740722
                                                                                                                            • Opcode ID: 398e6778f008d29b121f498d4bafcb3002af8d1f6df391f96a78de5a743fd48d
                                                                                                                            • Instruction ID: 8adc46547ffed706f2b4a2fd30d53794f6910e9c83e658c3781aee39ba84facd
                                                                                                                            • Opcode Fuzzy Hash: 398e6778f008d29b121f498d4bafcb3002af8d1f6df391f96a78de5a743fd48d
                                                                                                                            • Instruction Fuzzy Hash: 6DE19121D086E98EDB26CA7C880839DBFB16B52314F1842DDD4E9AB3C2D7B54A45CB52
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: G"A$&+$*$/E;C$/$$2A"_$@C$O\$SX$_Y$h#j=$i'd!$lF$m9O7$pq$pq$r3$31
                                                                                                                            • API String ID: 0-1158987392
                                                                                                                            • Opcode ID: 36a1f68fb96ac88854bb7c371fec76203d2dbaf10985b556529d208e2e906a5d
                                                                                                                            • Instruction ID: aea852faa40c03889d34254602a9c6c337eb5bab979ab82fc7739e986cfd4d9d
                                                                                                                            • Opcode Fuzzy Hash: 36a1f68fb96ac88854bb7c371fec76203d2dbaf10985b556529d208e2e906a5d
                                                                                                                            • Instruction Fuzzy Hash: 35720CB41093858BE334CF25D881B9FBBE1FB96304F10892DD6E99B251EB749146CF92
                                                                                                                            APIs
                                                                                                                            • SysAllocString.OLEAUT32(49FB4BE2), ref: 0084BD1D
                                                                                                                            • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0084BD67
                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 0084BDCB
                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 0084BE97
                                                                                                                            • VariantInit.OLEAUT32(?), ref: 0084BF12
                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0084C07C
                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 0084C0A4
                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 0084C0AA
                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 0084C0BE
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: String$AllocFree$Variant$BlanketClearInitProxy
                                                                                                                            • String ID: WC$ZQ
                                                                                                                            • API String ID: 1721464176-1722601914
                                                                                                                            • Opcode ID: 105c3ae7cf648d3b9b078e1278adac4c4a62a69aeed33b2f181737c0b275b7e0
                                                                                                                            • Instruction ID: a0b8e1ad8634ccfad93babd2fdda21e9812185ec8b278f22562f4d8f8b584411
                                                                                                                            • Opcode Fuzzy Hash: 105c3ae7cf648d3b9b078e1278adac4c4a62a69aeed33b2f181737c0b275b7e0
                                                                                                                            • Instruction Fuzzy Hash: 57C1BA76508340DBE710CF64D845B5BBBE5FFC5315F10881CF595AB2A0CB79990ACB82
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $ $ $ $ $ $ $-$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff$gfff$gfff
                                                                                                                            • API String ID: 0-3131871939
                                                                                                                            • Opcode ID: b2394e9bd3c13d263de42f17031799623b94f2ac391ceb8fb8ee9e6db92b0525
                                                                                                                            • Instruction ID: a74e77c4574bc77c9198e0825b463e9cd355385ecdc80524f76f1d2ea840f34b
                                                                                                                            • Opcode Fuzzy Hash: b2394e9bd3c13d263de42f17031799623b94f2ac391ceb8fb8ee9e6db92b0525
                                                                                                                            • Instruction Fuzzy Hash: 69E2F2716087818FCB18CF28C4943AABBE6FF95314F18866DE595CB391D734D989CB82
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: &?3$,/.1$3210$4761$8;:5$8?$L$RdOh$X[Z]$dgfi$h$mdOh$w`k
                                                                                                                            • API String ID: 0-3944949542
                                                                                                                            • Opcode ID: 2fe6c700fc0656cb93e9548eac5777440653ba0c0aa2d5782dd61cf99ecc42c7
                                                                                                                            • Instruction ID: d6fd909dda0675e611e1bdc87d295ef9c65e99398a3d1770929a34a30c6fa997
                                                                                                                            • Opcode Fuzzy Hash: 2fe6c700fc0656cb93e9548eac5777440653ba0c0aa2d5782dd61cf99ecc42c7
                                                                                                                            • Instruction Fuzzy Hash: F1B2CF7150C3818BD725CF29C4A17ABBBE2FFD6304F18896DE4C98B292D7749905CB92
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ($DG$Dw$Mx$hv$n~$wE$qVw
                                                                                                                            • API String ID: 0-339588687
                                                                                                                            • Opcode ID: bba7b982f3bfd8faf1bc1fb7406f70d46021bf2f778ce13f8e1bbe0cc923574f
                                                                                                                            • Instruction ID: 4f7f2bef6a574f8192f5df26fab8a119e7f181878b0732cd94dd27a37b2f804d
                                                                                                                            • Opcode Fuzzy Hash: bba7b982f3bfd8faf1bc1fb7406f70d46021bf2f778ce13f8e1bbe0cc923574f
                                                                                                                            • Instruction Fuzzy Hash: B522CBB16083448FD714CF68D8816AFBBF5FF96314F14892CE8959B391D7788906CB92
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 0$0$0$0000$0000$0000$0000$0000$0000$0000$@$i
                                                                                                                            • API String ID: 0-3385986306
                                                                                                                            • Opcode ID: ae889f809ccb7c3ea6059d55be615c3c4e8e54339d704131e95419a29002196b
                                                                                                                            • Instruction ID: fa716cc2516620844b13daaa873fd74ce9c2dc06d59fcecf2833c9ec0997f8bd
                                                                                                                            • Opcode Fuzzy Hash: ae889f809ccb7c3ea6059d55be615c3c4e8e54339d704131e95419a29002196b
                                                                                                                            • Instruction Fuzzy Hash: 5882AE71A093818FC719CE28C49079ABBE5FF99304F188A6DE49AD7391D334DD95CB82
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: @DvF$@ffI$_kQT$a[[d$itkj$p$q`h}$xy$yleh$uw
                                                                                                                            • API String ID: 0-2899419844
                                                                                                                            • Opcode ID: 3756cbeeb4059458bb5fa6ae4511fb1b823aa8629fd3e330a91d89dddf0f1130
                                                                                                                            • Instruction ID: cdc375782ee544243ed2ec41e9688d18aa9c950ee2f8b2fa350001104377db9d
                                                                                                                            • Opcode Fuzzy Hash: 3756cbeeb4059458bb5fa6ae4511fb1b823aa8629fd3e330a91d89dddf0f1130
                                                                                                                            • Instruction Fuzzy Hash: C6C1EFB02083849FD314DF25D8817ABBBE5EF96348F14892CE1D58B392D7788949CB97
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: !m%k$#i4g$+e(c$@-+$g!~_$v%r#$y)v'$yw
                                                                                                                            • API String ID: 0-2667393304
                                                                                                                            • Opcode ID: 588557bd658de79d684c5e74569ab65bb1ff4d216a94488b65ea85bd0c3abdeb
                                                                                                                            • Instruction ID: b18720e77201ccf30cb9a2fe6f468bcddc0b0a4768d7aaf3f212206360b5cf30
                                                                                                                            • Opcode Fuzzy Hash: 588557bd658de79d684c5e74569ab65bb1ff4d216a94488b65ea85bd0c3abdeb
                                                                                                                            • Instruction Fuzzy Hash: BFF188B110C381DFE3248F24D8847ABBBE4FB85301F14992CEAD99B291D7798845CF92
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Clipboard$CloseDataLongOpenWindow
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1647500905-0
                                                                                                                            • Opcode ID: 11e5e2fe7f9da7a50c5989f25e83f5adee5ff748a7cdd3834a1617427d2e0dc5
                                                                                                                            • Instruction ID: e70b44c8554216ffd37ac5d7d7ead1072e0bfdd9e020417a78e0229d7de561e9
                                                                                                                            • Opcode Fuzzy Hash: 11e5e2fe7f9da7a50c5989f25e83f5adee5ff748a7cdd3834a1617427d2e0dc5
                                                                                                                            • Instruction Fuzzy Hash: 3D5107B1E08786CBD700ABBCC84535ABFE0FB52314F058639C895D7681E7799968C793
                                                                                                                            APIs
                                                                                                                            • FindWindowExW.USER32(00000000,F361F56A,?,00000000), ref: 0082E92F
                                                                                                                            • GetWindowThreadProcessId.USER32(F361F56A,00000000), ref: 0082E9CC
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Window$FindProcessThread
                                                                                                                            • String ID: Ex$OO$|U
                                                                                                                            • API String ID: 3928697162-1176901884
                                                                                                                            • Opcode ID: a3e9f27785ae586a4b3600470abba2a752c334194804a4d386c08b9230840413
                                                                                                                            • Instruction ID: 51d01ce8c0d428e1de163bb8482ceda7e471c1828b93eb33d1f459a1a23fb3e4
                                                                                                                            • Opcode Fuzzy Hash: a3e9f27785ae586a4b3600470abba2a752c334194804a4d386c08b9230840413
                                                                                                                            • Instruction Fuzzy Hash: B7B19D75600B10CFD724CF68E890B62B7F2FF59311F048968E59A8B7A1E778E841CB55
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Y^S$#g>#$$*- $UjcW$YRTP$o$
                                                                                                                            • API String ID: 0-2638604102
                                                                                                                            • Opcode ID: e2de5518220410d319e74b44a37425bd054e7982830f51421994812ef3f5f539
                                                                                                                            • Instruction ID: 72c97f0d2b7841fe9852e42fb763943d1f4c4cdcdbb0436067f7d025d1cabd61
                                                                                                                            • Opcode Fuzzy Hash: e2de5518220410d319e74b44a37425bd054e7982830f51421994812ef3f5f539
                                                                                                                            • Instruction Fuzzy Hash: 14A12831A493918ED734CB6884913E7FBE1FF95350F099A6DC8D98B382C7709909D792
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 3768$:?-)$InA>$i7b0$~x||
                                                                                                                            • API String ID: 0-482665311
                                                                                                                            • Opcode ID: 2e42fb99027e903eea1f75c4fbd1c33c6a6b06dda09ca5d034ab44cadca15af4
                                                                                                                            • Instruction ID: b43fbaebb8401fc61e21d06d734a45722157948f4f5a3844d84a21ac4ffb97bf
                                                                                                                            • Opcode Fuzzy Hash: 2e42fb99027e903eea1f75c4fbd1c33c6a6b06dda09ca5d034ab44cadca15af4
                                                                                                                            • Instruction Fuzzy Hash: 3832F072A08315CFD324CF28D89062AB7E1FB99316F19896CE986D7391D739E911CB81
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID: "#<$8977$InA>$InA>$f
                                                                                                                            • API String ID: 2994545307-3216925240
                                                                                                                            • Opcode ID: 9d07e60ec25edc50659b8dc978aaad3e00df9ce37dc4cfbcae3d73f4be9c74e2
                                                                                                                            • Instruction ID: 15fed626a2c7a470aec48d546d215ff6c7bda093fd507cf2d77b75a278fc2c46
                                                                                                                            • Opcode Fuzzy Hash: 9d07e60ec25edc50659b8dc978aaad3e00df9ce37dc4cfbcae3d73f4be9c74e2
                                                                                                                            • Instruction Fuzzy Hash: 93229E716083459FC718CF29C890A2BBBE2FBD8314F198A2DE695C73A2D774D845CB52
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                            • API String ID: 0-3620105454
                                                                                                                            • Opcode ID: 273f3b481aea1c1efff20954a37dab971126a2c25e53c4aad39b900e05bf82b0
                                                                                                                            • Instruction ID: 3b45b8d0d23bee8e0a7fa9f36fe824f8731d69731b58ddcf08f87a9ba8b6e7ff
                                                                                                                            • Opcode Fuzzy Hash: 273f3b481aea1c1efff20954a37dab971126a2c25e53c4aad39b900e05bf82b0
                                                                                                                            • Instruction Fuzzy Hash: 8CE1A07160C7928FC715CE28C4802AAFBE5BFD9314F088A6DE9D9C7392D234D985CB52
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $7$7$8$W
                                                                                                                            • API String ID: 0-4210289531
                                                                                                                            • Opcode ID: b996ac25122d3668557e5e51f17f3116868abeb281129c3070e488bd45287690
                                                                                                                            • Instruction ID: ddced728ff0b9358f583569b1256877adc688d1edc0610a879f6e6033af7d54f
                                                                                                                            • Opcode Fuzzy Hash: b996ac25122d3668557e5e51f17f3116868abeb281129c3070e488bd45287690
                                                                                                                            • Instruction Fuzzy Hash: D481B67260C7848BD328CA3CC85535FBBD2ABD5324F198A2DD5E5C73C2D67988058742
                                                                                                                            APIs
                                                                                                                            • FindWindowExW.USER32(00000000,610963F7,?,00000000), ref: 0082F26E
                                                                                                                            • GetWindowThreadProcessId.USER32(610963F7,00000000), ref: 0082F297
                                                                                                                            • IsWindowEnabled.USER32(610963F7), ref: 0082F2AE
                                                                                                                            • IsWindowVisible.USER32(610963F7), ref: 0082F2C5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Window$EnabledFindProcessThreadVisible
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3858996717-0
                                                                                                                            • Opcode ID: 8d25488d341e47746466ebe0bad78d7ee30f7ddf0d0389a34909f2ebaa177c7a
                                                                                                                            • Instruction ID: d5198cc423bc11a72da2494bcd115df3de8d6f816a6aaf4839cb30a2e7c75a87
                                                                                                                            • Opcode Fuzzy Hash: 8d25488d341e47746466ebe0bad78d7ee30f7ddf0d0389a34909f2ebaa177c7a
                                                                                                                            • Instruction Fuzzy Hash: 4BD19B71204B41CFC724CF29D491A26BBF2FF99314B19CA6DD49A8BB92D734E846CB50
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 8?$BcPX$`;|9$`cPX
                                                                                                                            • API String ID: 0-3600580882
                                                                                                                            • Opcode ID: 2db96d9796e3e8ae4d5f20177a947a72d22d7b8fa8c967d45c4c36147986f0e3
                                                                                                                            • Instruction ID: 72ff2b1f632d05d97717b7e43d53294d36b8fef6edf36f5afa8552e5097defbd
                                                                                                                            • Opcode Fuzzy Hash: 2db96d9796e3e8ae4d5f20177a947a72d22d7b8fa8c967d45c4c36147986f0e3
                                                                                                                            • Instruction Fuzzy Hash: AAF1B9715083118FD724CF28D8917ABBBE1FFC1704F058A2CE9959B291E775994ACBC2
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: MetricsSystem
                                                                                                                            • String ID: +DAM
                                                                                                                            • API String ID: 4116985748-3236663638
                                                                                                                            • Opcode ID: eafc4bd783601823d6d806b46ebb266865d65ea886fc1bb5d5c73075987c3fea
                                                                                                                            • Instruction ID: 7d48849c8c145c98f38187a5466732455b2c55a2a6c9bf52e3fa5d8ea367fc1f
                                                                                                                            • Opcode Fuzzy Hash: eafc4bd783601823d6d806b46ebb266865d65ea886fc1bb5d5c73075987c3fea
                                                                                                                            • Instruction Fuzzy Hash: D69139B05097808FD770DF68D59979ABBE0BB8534AF10892DAA988B350DBB5944CCF43
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: "$"$E$v
                                                                                                                            • API String ID: 0-4093480546
                                                                                                                            • Opcode ID: 63b9863528d0d830c07fc7e7e9db8341a316157e1770ea2708c346feaaf0e792
                                                                                                                            • Instruction ID: d77eadb3fd1acf64fc004c4a27bd7bd89f016b8cfaa66f4e73238d9c974517d4
                                                                                                                            • Opcode Fuzzy Hash: 63b9863528d0d830c07fc7e7e9db8341a316157e1770ea2708c346feaaf0e792
                                                                                                                            • Instruction Fuzzy Hash: BED175321187468FC319EF38E8454BAB3E2EBD5321F608A3ED59BC7495DB34551ACB81
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: lcw|<a$o~{q$w|<a${{up
                                                                                                                            • API String ID: 0-3972657743
                                                                                                                            • Opcode ID: a3ee45f8fd13257ef45653cfa78a7791ceabb930fda5a0ee638f2baaa6a07a8b
                                                                                                                            • Instruction ID: d5b39a130e26a89f159e6d36e9d6c26ab715b8fe5b70d1b270e7a5c14020639c
                                                                                                                            • Opcode Fuzzy Hash: a3ee45f8fd13257ef45653cfa78a7791ceabb930fda5a0ee638f2baaa6a07a8b
                                                                                                                            • Instruction Fuzzy Hash: 68A14670204B468BE3258F28C891763FFA2FF95314F28865DD5A68B7D2D375E806CB91
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: *$/$N$a
                                                                                                                            • API String ID: 0-3070520978
                                                                                                                            • Opcode ID: 49491d817c235268ace403144eb7fe7d7f81d5fafc33542b70855fb29295c4c6
                                                                                                                            • Instruction ID: 98c1a67680af7d9c9c553b30dde04207c94f9a74c61d29ffb67786ffca346fb7
                                                                                                                            • Opcode Fuzzy Hash: 49491d817c235268ace403144eb7fe7d7f81d5fafc33542b70855fb29295c4c6
                                                                                                                            • Instruction Fuzzy Hash: AA9197326087524BD718EF39E8521ABB3E1EBC5320F508B3DE896C72C5EB365919CB41
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: >2%8$NFFV$]c\"
                                                                                                                            • API String ID: 0-36263332
                                                                                                                            • Opcode ID: f4a1d707984ff1206412181518c64c1de78bf8979273f10b2549086785ef6119
                                                                                                                            • Instruction ID: 4ef0f6dd6a59ed08cc9bc7bc29f5b99ff9f9b871fa6a47aa9a651f8131bc31c9
                                                                                                                            • Opcode Fuzzy Hash: f4a1d707984ff1206412181518c64c1de78bf8979273f10b2549086785ef6119
                                                                                                                            • Instruction Fuzzy Hash: DBF122705047828BDB258F2AC494722BFE2FFA3304F2C859DC4D68B796D7799886C761
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Ex$OO$|U
                                                                                                                            • API String ID: 0-1176901884
                                                                                                                            • Opcode ID: cb07d7e1271b9f775b0d914a4be6aebc22d6da5b43d58a3b1dd307b317a48ca5
                                                                                                                            • Instruction ID: cfd3b03d06eab5066d04ef778a3b795f01631cce4f48080b07fffaed1690bea4
                                                                                                                            • Opcode Fuzzy Hash: cb07d7e1271b9f775b0d914a4be6aebc22d6da5b43d58a3b1dd307b317a48ca5
                                                                                                                            • Instruction Fuzzy Hash: 55F10474200B009FE7288F24D9D073777A2FB99315F64692CE697877A6D771E882CB48
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: %*+($InA>$P
                                                                                                                            • API String ID: 0-1283304554
                                                                                                                            • Opcode ID: 734d4d2247d1057ba692ffb5a0b08e7932ba4d453b9ad218238b06ebcbf80151
                                                                                                                            • Instruction ID: 067f314f7eb1c3e91af75f3d33d6b3f37b1c47a43c2631d04d3fbf5f6f280b99
                                                                                                                            • Opcode Fuzzy Hash: 734d4d2247d1057ba692ffb5a0b08e7932ba4d453b9ad218238b06ebcbf80151
                                                                                                                            • Instruction Fuzzy Hash: E6F114726087648FC325CE28985036FB6E1FBC5755F15862CE9A9DB3D1CB70C90A8BC2
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: :$Zk6i$ho
                                                                                                                            • API String ID: 0-3802070491
                                                                                                                            • Opcode ID: fd6467f21ca5be5c2aa0e11e37069c7279dac814dfafbff92f10dc4d7c19262f
                                                                                                                            • Instruction ID: 5df015af52dd1a0d4033ae375c6cac88b5196ddf001926091c09474a1595d58d
                                                                                                                            • Opcode Fuzzy Hash: fd6467f21ca5be5c2aa0e11e37069c7279dac814dfafbff92f10dc4d7c19262f
                                                                                                                            • Instruction Fuzzy Hash: 3AD14736618316CBC7289F38E89126A77F2FF99352F09C87CD986C72A0E3789945C750
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: DE$[Y$j
                                                                                                                            • API String ID: 0-2398809664
                                                                                                                            • Opcode ID: 79b9f7c85313b8afdab8d4a1d218de3070b726d4b100e021974276b10e1e4c2b
                                                                                                                            • Instruction ID: 7d7b437eb9b24ab809b96c798f47f764a724a797da23de91896e4bb9641250da
                                                                                                                            • Opcode Fuzzy Hash: 79b9f7c85313b8afdab8d4a1d218de3070b726d4b100e021974276b10e1e4c2b
                                                                                                                            • Instruction Fuzzy Hash: 23B1CAB65083508FC704CF25D89566BBBE2FFD5318F09892CE4D98B351D7798908CB86
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: "MO$40,G$L]IN
                                                                                                                            • API String ID: 0-2812748645
                                                                                                                            • Opcode ID: a1f16c59e1393ffea0d503ba236f705c0e57a00ba46effc304ca049e0135c68c
                                                                                                                            • Instruction ID: 214a3f3b3c622e5811be76de0b008d002525df2ea2771f5320e7f7a012a3bd28
                                                                                                                            • Opcode Fuzzy Hash: a1f16c59e1393ffea0d503ba236f705c0e57a00ba46effc304ca049e0135c68c
                                                                                                                            • Instruction Fuzzy Hash: 27A10470504B818BD725CF2AC490722BBE2FF96304F188A9DD4E68B786C779E446CB91
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $$P$V
                                                                                                                            • API String ID: 0-3262086503
                                                                                                                            • Opcode ID: 049906a410e1633da42b1040bc0910c9693673d815abbf452b54a03907968e0b
                                                                                                                            • Instruction ID: 1764eaa6295e749e9050d1e8a84a4ef9c753f30ee0914b24f84ac6d27fcdd84e
                                                                                                                            • Opcode Fuzzy Hash: 049906a410e1633da42b1040bc0910c9693673d815abbf452b54a03907968e0b
                                                                                                                            • Instruction Fuzzy Hash: EFA196341086428BD708EF39E8955BAB3E2FBD1310F64DB3ED596CB5D0E639841ACB41
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: "MO$40,G$L]IN
                                                                                                                            • API String ID: 0-2812748645
                                                                                                                            • Opcode ID: 3d9bca0b79bf589dc9ad82bd0398e22ad7b035a9a2cf53393188ee7ab38cef32
                                                                                                                            • Instruction ID: 121f9cd0a453b930db69da4e0b1e7f35ba8d03ac5a0b5e5809513d361378d913
                                                                                                                            • Opcode Fuzzy Hash: 3d9bca0b79bf589dc9ad82bd0398e22ad7b035a9a2cf53393188ee7ab38cef32
                                                                                                                            • Instruction Fuzzy Hash: 8D91E371504B818FD7258F2AC490722BBE2FFA6304F18CA9DD4D68F746C7799446CBA1
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ($45$hv
                                                                                                                            • API String ID: 0-1388148980
                                                                                                                            • Opcode ID: 0f3db49629d03c6d377f732191103d5550ebb978d5bd0239c8d927d5f5101e70
                                                                                                                            • Instruction ID: 73fa36ab4757131561835640414a9438f11297d6ef470638cd044c1d9ea92def
                                                                                                                            • Opcode Fuzzy Hash: 0f3db49629d03c6d377f732191103d5550ebb978d5bd0239c8d927d5f5101e70
                                                                                                                            • Instruction Fuzzy Hash: A4911376944348DBEB20CFA9DC81BDFBBB4FF85304F144168E954AB281D7749906CB92
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: "MO$40,G$L]IN
                                                                                                                            • API String ID: 0-2812748645
                                                                                                                            • Opcode ID: 4efc055a5ac1feec7e15c237ba47f01ae4e8e1d4ea70f7c4910d91da9c8dac11
                                                                                                                            • Instruction ID: f76c8379a5fa54cbccbc541204621dff99dcf5232b3093b7c44884a179b81f4d
                                                                                                                            • Opcode Fuzzy Hash: 4efc055a5ac1feec7e15c237ba47f01ae4e8e1d4ea70f7c4910d91da9c8dac11
                                                                                                                            • Instruction Fuzzy Hash: 8881E271504B818FD725CF2AC490722BBE2FF96304F18869DD4E68F786C779A446CBA1
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: %)u$*$C
                                                                                                                            • API String ID: 0-4095948065
                                                                                                                            • Opcode ID: 29f9ade870d4c5dd855a6d7a2ef875bcb6001d9064221ff3d0e9840bdd36cdcb
                                                                                                                            • Instruction ID: 68701cf912e25bd808a9e8e2cb49ce1892517fb51fee1a012f0067d23dccdb93
                                                                                                                            • Opcode Fuzzy Hash: 29f9ade870d4c5dd855a6d7a2ef875bcb6001d9064221ff3d0e9840bdd36cdcb
                                                                                                                            • Instruction Fuzzy Hash: 9961BB766186154BD71CEE28D8825FB73D2E7C5300F10873CA9D787A91DB39581B8B86
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: !$9^5O$D
                                                                                                                            • API String ID: 0-4080017824
                                                                                                                            • Opcode ID: 20e4adaeaa21867ce57fa1f42d4f6bf8963a711376363d7f46745dc12e405111
                                                                                                                            • Instruction ID: ee039b6d9728f49f9426e084902949907688b62779468b57be12f786dfe4bf1d
                                                                                                                            • Opcode Fuzzy Hash: 20e4adaeaa21867ce57fa1f42d4f6bf8963a711376363d7f46745dc12e405111
                                                                                                                            • Instruction Fuzzy Hash: 368186325087468BC718EA3CD8815FAB3A2EBC1321F648B7DD5A2C71D1E73955299B81
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $3$4
                                                                                                                            • API String ID: 0-3737300650
                                                                                                                            • Opcode ID: 4a1564405dab0b556f6a8a7944ec72b47c3ac9743a8ad8bc16009548e828f7bd
                                                                                                                            • Instruction ID: 667584834774985f3c99a2bd607d3ecc08143d67dd2a06b69028aed1264680c2
                                                                                                                            • Opcode Fuzzy Hash: 4a1564405dab0b556f6a8a7944ec72b47c3ac9743a8ad8bc16009548e828f7bd
                                                                                                                            • Instruction Fuzzy Hash: 40617A765087168BD71CEF78E8426EAB3A1FBC1350F20893D9586C70D1EB3A651ACA85
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: .+<$$g$t
                                                                                                                            • API String ID: 0-3352640822
                                                                                                                            • Opcode ID: 64488aa3021a9e1df8b7d24a00fd1f45e6aa83698e9d11cc241e4b0eede1f783
                                                                                                                            • Instruction ID: 797898c8f2ca600e5b4033a915956be4e3377ff0774f27594b1ada39a997c00d
                                                                                                                            • Opcode Fuzzy Hash: 64488aa3021a9e1df8b7d24a00fd1f45e6aa83698e9d11cc241e4b0eede1f783
                                                                                                                            • Instruction Fuzzy Hash: 234165366087028BC728EF28CC425E673E2FBD5320F54CA3DA497971D9DB39940A8A81
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: \X"Q$a|cI
                                                                                                                            • API String ID: 0-3233608862
                                                                                                                            • Opcode ID: 585b587c8aa6ec5e54755f5e0ef66b683f7db1df9986a6a137bc00b2a174b6b7
                                                                                                                            • Instruction ID: 5801af6b7925e957a27c98ae4ff8b9d36c22d41fe03d2f41437070eb318d569c
                                                                                                                            • Opcode Fuzzy Hash: 585b587c8aa6ec5e54755f5e0ef66b683f7db1df9986a6a137bc00b2a174b6b7
                                                                                                                            • Instruction Fuzzy Hash: 129215716047818FD7298F39C490762BBE2FF96314F2885ADC5D68B7A2C779D806CB90
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID: $96w$c]
                                                                                                                            • API String ID: 2994545307-247510824
                                                                                                                            • Opcode ID: 83e623e969bb45af8938971cfb20e74e8997be53f7bd6ec52aa676b80ee28838
                                                                                                                            • Instruction ID: 912e46fa49c6738bdef9e5c7c69a044dc8e11e1bef743b2380edd56ccf032c64
                                                                                                                            • Opcode Fuzzy Hash: 83e623e969bb45af8938971cfb20e74e8997be53f7bd6ec52aa676b80ee28838
                                                                                                                            • Instruction Fuzzy Hash: 3422EF716083459BD724CF28C881B6BBBE2FBD4714F14892DE989CB391E771E845CB92
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: -$N
                                                                                                                            • API String ID: 0-2941813136
                                                                                                                            • Opcode ID: bbc7aefe540ffdb81cf593d264b936a1ce055b5ce08baef93efd99ba6ca525d9
                                                                                                                            • Instruction ID: 27da35950d587f598f5519f0cefb57a1aa32e0b053cb6964010e6cad6313282f
                                                                                                                            • Opcode Fuzzy Hash: bbc7aefe540ffdb81cf593d264b936a1ce055b5ce08baef93efd99ba6ca525d9
                                                                                                                            • Instruction Fuzzy Hash: D82278361087128FD718EB38D8515EAB7E2EFD5310F248A7DE095CB2D6E775940ACB42
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: `$c
                                                                                                                            • API String ID: 0-1220095849
                                                                                                                            • Opcode ID: 8181126251d3da1030b104880d9b52217af420fd823694233c43dcefb657ed64
                                                                                                                            • Instruction ID: 1e3427f413e23ef86d266e69926ec633abfaa46d4bc15fd17c7987a7fb8d0af5
                                                                                                                            • Opcode Fuzzy Hash: 8181126251d3da1030b104880d9b52217af420fd823694233c43dcefb657ed64
                                                                                                                            • Instruction Fuzzy Hash: 58D1D371A08340ABD7019F25D882BAFBBE9EFD6714F18882DF88497281D674DD468793
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: RLjo$ZDRW
                                                                                                                            • API String ID: 0-2283519047
                                                                                                                            • Opcode ID: aaf79765dd0467ae01feb0986f447b33a09decf859940e103ffab7c6d3a1a655
                                                                                                                            • Instruction ID: 8e41f3f47b702c5ec90d82638496ff036e8800ab6a26b384489156e0b161f289
                                                                                                                            • Opcode Fuzzy Hash: aaf79765dd0467ae01feb0986f447b33a09decf859940e103ffab7c6d3a1a655
                                                                                                                            • Instruction Fuzzy Hash: 8AD1E0B19083449FC714DF68E8826ABBBF5FF95305F04882CE59987362E7789845CB87
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: a$w
                                                                                                                            • API String ID: 0-2312994108
                                                                                                                            • Opcode ID: c09c7c57ccbc161631ae39b3c114cef8d75de262eaefe6a71c12c626707ad353
                                                                                                                            • Instruction ID: 4e3005bed1961f00eaa78a3910a70e0b3bbb31ceacddc9a04ce63ee7bc2e5989
                                                                                                                            • Opcode Fuzzy Hash: c09c7c57ccbc161631ae39b3c114cef8d75de262eaefe6a71c12c626707ad353
                                                                                                                            • Instruction Fuzzy Hash: 23F1B9352087528BD708EF3CE4905ABB7E2FBC5324F608A7DD09AC7299D735651ACB41
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Inf$NaN
                                                                                                                            • API String ID: 0-3500518849
                                                                                                                            • Opcode ID: fa3763592639e4481ba8536763ebf0f3cb4cf22468bce1ae70b4d22ff4a17de4
                                                                                                                            • Instruction ID: 4e39395db0f429b519fb4e08cc76701aa5b3475521bd10c6639ee4968394ccf6
                                                                                                                            • Opcode Fuzzy Hash: fa3763592639e4481ba8536763ebf0f3cb4cf22468bce1ae70b4d22ff4a17de4
                                                                                                                            • Instruction Fuzzy Hash: 4FD1B471A083159BC704CF28C88169ABBE9FFC4750F158A2DE899D7394E771DD858BC2
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Uninitialize
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3861434553-0
                                                                                                                            • Opcode ID: 15c1a32400b6995d115226bc4099083d3344fa75cdea499954b5fc624d34bbad
                                                                                                                            • Instruction ID: fdee3d7cd62d1a430ec926e4ea406c80b2ce2cd07d3499a9ae4ab348822d6bfc
                                                                                                                            • Opcode Fuzzy Hash: 15c1a32400b6995d115226bc4099083d3344fa75cdea499954b5fc624d34bbad
                                                                                                                            • Instruction Fuzzy Hash: ECB12AB5A007409BD714AB38AC9276BB6A6FFD5314F08853CE84787783DB39E4458793
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: #%v$0
                                                                                                                            • API String ID: 0-4099513283
                                                                                                                            • Opcode ID: c79e2c092ad8416d6ddb60784603206328bb62481e5112320e1e981ba9035140
                                                                                                                            • Instruction ID: 3ce51b8b769d66cabf5607c99f977325a9ac8154942fd961b6fc338169d130c5
                                                                                                                            • Opcode Fuzzy Hash: c79e2c092ad8416d6ddb60784603206328bb62481e5112320e1e981ba9035140
                                                                                                                            • Instruction Fuzzy Hash: 4DB1FB352286268BD71CEB2CE8818BA73D2FBD1324F20C77DE583C7989D73558078A81
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID: %*+($%*+(
                                                                                                                            • API String ID: 2994545307-3039692684
                                                                                                                            • Opcode ID: 8f673244a15b4a3d7393f1f0ab270aee0bc1cc293d69507d75437732bee1a1c2
                                                                                                                            • Instruction ID: 3eef12b3b12ec102c9f816d3e346e178d250ca9dff4bfafc94cf2a492f4c8ae7
                                                                                                                            • Opcode Fuzzy Hash: 8f673244a15b4a3d7393f1f0ab270aee0bc1cc293d69507d75437732bee1a1c2
                                                                                                                            • Instruction Fuzzy Hash: A7A105316083215BD738CA68CC81BABB7E1FB8A315F14893DED95D7392EE3098458B52
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 5L$_]
                                                                                                                            • API String ID: 0-2033130362
                                                                                                                            • Opcode ID: 83224abab4c22919b6cea034b5242519c172c3da35e8f3043ec456ec327fc357
                                                                                                                            • Instruction ID: af500489b1566213cc0202d9bc565acf79c9945522c7dde407ec7a91e31fa259
                                                                                                                            • Opcode Fuzzy Hash: 83224abab4c22919b6cea034b5242519c172c3da35e8f3043ec456ec327fc357
                                                                                                                            • Instruction Fuzzy Hash: A2B1E172A18712CBC724CF28C4911ABB3F2FFD8754F19892CD8C58B264E7B49946CB91
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: C$E
                                                                                                                            • API String ID: 0-2059648562
                                                                                                                            • Opcode ID: 5bf176f52e4322211afcd9810f541ef6345f721fa75988b5bfb96024fc671a05
                                                                                                                            • Instruction ID: 06a598d4e79ce5b776b938afaf875d40e9aa83e837956eddf459721e460c8a3f
                                                                                                                            • Opcode Fuzzy Hash: 5bf176f52e4322211afcd9810f541ef6345f721fa75988b5bfb96024fc671a05
                                                                                                                            • Instruction Fuzzy Hash: 6EC1DB316082268FC318EF28D8506FA73E2FBD5314F55863DE196CB1C5EB35951ACB80
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 1$6
                                                                                                                            • API String ID: 0-3837403786
                                                                                                                            • Opcode ID: ff210be6d71df849f690df41db86e5df1b341b7e49f4c7a55e040dac149f336b
                                                                                                                            • Instruction ID: a928555038279886b79eb774336f4d562a0299c15e7e40da7d9eac9a1e2589f2
                                                                                                                            • Opcode Fuzzy Hash: ff210be6d71df849f690df41db86e5df1b341b7e49f4c7a55e040dac149f336b
                                                                                                                            • Instruction Fuzzy Hash: 31A1BA72518B168BC31CEF6CD8858E6B396EBD9311B20C76DD486CB1D6DB35980BCA84
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 0123456789ABCDEFXP$0123456789abcdefxp
                                                                                                                            • API String ID: 0-595753566
                                                                                                                            • Opcode ID: 82447d291205baa88b5a57d9a87973b623c065947e16f969f36a84c3bba52d5c
                                                                                                                            • Instruction ID: 974254e425181c96fd49b605b7a021c9de8ae618ad78d79e45c9b0a53c6fda32
                                                                                                                            • Opcode Fuzzy Hash: 82447d291205baa88b5a57d9a87973b623c065947e16f969f36a84c3bba52d5c
                                                                                                                            • Instruction Fuzzy Hash: 64A1AF31A0C3868BDB18CE24C0843AEBBE6FFD5318F14896DE5D597391D3759989CB82
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 0$8
                                                                                                                            • API String ID: 0-46163386
                                                                                                                            • Opcode ID: c9481420fd3cd332aba14c09f3afdf92192e5cc49ef9c73813563d251fef520c
                                                                                                                            • Instruction ID: 824c7325fb3eedf71a57f82235c25dd860277f7c09a40e5f1dea624afb412b7b
                                                                                                                            • Opcode Fuzzy Hash: c9481420fd3cd332aba14c09f3afdf92192e5cc49ef9c73813563d251fef520c
                                                                                                                            • Instruction Fuzzy Hash: 14C11131209384EFCB158F68C840A9EBBE1BF99354F04891DF9C897261D37AD958DB92
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Noni$f[zU
                                                                                                                            • API String ID: 0-2312422219
                                                                                                                            • Opcode ID: a520e002fb87bdf241d6f35e93c6aad7708eb1382dc84332bba4bdb5b0e305b4
                                                                                                                            • Instruction ID: f134e984e07ebaf69131380e4d01066e159d9a06e45b5e22fb07bc18e024549d
                                                                                                                            • Opcode Fuzzy Hash: a520e002fb87bdf241d6f35e93c6aad7708eb1382dc84332bba4bdb5b0e305b4
                                                                                                                            • Instruction Fuzzy Hash: 6491DBB01443108BEB289F24D9D57263BB2FF65304F24958CD9464F7AAD7B6E882CF85
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 9$c
                                                                                                                            • API String ID: 0-4054373961
                                                                                                                            • Opcode ID: 3407328aed204039311caf6412ee87210c0f92e73492d10d44b613e552107daa
                                                                                                                            • Instruction ID: 421f624dde5d82edb2fbabba9a0f7b356842f19de657dd92a629bba194381f88
                                                                                                                            • Opcode Fuzzy Hash: 3407328aed204039311caf6412ee87210c0f92e73492d10d44b613e552107daa
                                                                                                                            • Instruction Fuzzy Hash: 8D71DB32558A4A4BC718EB299C855BB73D2FBC9301F54863DC4CB8B585EB3269078B82
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: '$f
                                                                                                                            • API String ID: 0-2541399228
                                                                                                                            • Opcode ID: 0a41ce47058c4aa00a9425d40f8356edb57aaf4573480ad19e546e6fffe30786
                                                                                                                            • Instruction ID: 41ab50ec6e77208c82809dc037f8b910948efa4fca92cc0a64c1eca61e5b1323
                                                                                                                            • Opcode Fuzzy Hash: 0a41ce47058c4aa00a9425d40f8356edb57aaf4573480ad19e546e6fffe30786
                                                                                                                            • Instruction Fuzzy Hash: 6561BC35118A154BE70CEB3CE8658FBB3D2EBC5320FA18B6ED056C71D6DB75950ACA40
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: "$\
                                                                                                                            • API String ID: 0-1472051173
                                                                                                                            • Opcode ID: 059fb2b34d287a1b9fe1e2b5162cdb6421823d85dcf0eb15d4059fc5b504e5bd
                                                                                                                            • Instruction ID: a54fe4ccbac1274c16b0c738ecdc7503627e0b5d3d7390018f51371a3b8b8bdb
                                                                                                                            • Opcode Fuzzy Hash: 059fb2b34d287a1b9fe1e2b5162cdb6421823d85dcf0eb15d4059fc5b504e5bd
                                                                                                                            • Instruction Fuzzy Hash: 1B51AC3261C7124BD31CEF2DD9451ABB3D1EBD6311F20CA3DD4D78B186DA3554078A86
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 2#$s$Y
                                                                                                                            • API String ID: 0-3836326983
                                                                                                                            • Opcode ID: 78132b46f65b1cf359cc5b930a741779072d6b1c1376b801f7c5374540ee300f
                                                                                                                            • Instruction ID: 227abde962eda1a22aa2ef46f67a9f3b6c1b58a15dbd2a523b53c093b886e752
                                                                                                                            • Opcode Fuzzy Hash: 78132b46f65b1cf359cc5b930a741779072d6b1c1376b801f7c5374540ee300f
                                                                                                                            • Instruction Fuzzy Hash: 4E618A326087558BC718EE2EE4514BAB7E2FBC5310F54CA3EE48BC75D4DB3458868782
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ,${
                                                                                                                            • API String ID: 0-4163448708
                                                                                                                            • Opcode ID: 93915f48d0f6cb1b48c281ea2b7cdda2c767766c2919450ec20d4243614ae65d
                                                                                                                            • Instruction ID: 62dde106462d230e84a587598ed19014bf2afaa6d9761d0ad83753f8fec33e2b
                                                                                                                            • Opcode Fuzzy Hash: 93915f48d0f6cb1b48c281ea2b7cdda2c767766c2919450ec20d4243614ae65d
                                                                                                                            • Instruction Fuzzy Hash: 035166765087128BD30DEB38D8508EA73E2EBD2320F55C73DD1A28B5D5DB35651AC740
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 3$V
                                                                                                                            • API String ID: 0-2861340604
                                                                                                                            • Opcode ID: e38f2bc7ae078b359e96866e7745e3e5cdc40521349cd1aaecc1a4e55e897d4d
                                                                                                                            • Instruction ID: d64cd0b6ebb11b1b5b3cc67bc4545d455d60fc1aae29f3be850bcaf470639706
                                                                                                                            • Opcode Fuzzy Hash: e38f2bc7ae078b359e96866e7745e3e5cdc40521349cd1aaecc1a4e55e897d4d
                                                                                                                            • Instruction Fuzzy Hash: DD5156321183068BDB1CEB28E4118EBB7E1EFC5324F618B3DD097C7998E3355156DA01
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 9j$,I
                                                                                                                            • API String ID: 0-3422571232
                                                                                                                            • Opcode ID: 2e0a1e951e35272bc20ed8c17814aa6548d143998e2e43eed9c86ad8466003c8
                                                                                                                            • Instruction ID: 657b9f208f023ee5b8a3a500735cd368ac8bd8af20d1eaada861eccde9b51bb7
                                                                                                                            • Opcode Fuzzy Hash: 2e0a1e951e35272bc20ed8c17814aa6548d143998e2e43eed9c86ad8466003c8
                                                                                                                            • Instruction Fuzzy Hash: 1C4111266041260BDB0CEA34C8625FB77E3EBC5350F94D23E9987CF586EA38451AC780
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: _a c
                                                                                                                            • API String ID: 0-3120592319
                                                                                                                            • Opcode ID: 2ea076422d15f259e46f1fbe6819640968266f22eeb3074827892102761bc453
                                                                                                                            • Instruction ID: 0e811466973837f6aec38d72f7bf60a7a544fa179eab1a77d798e4cff8a64668
                                                                                                                            • Opcode Fuzzy Hash: 2ea076422d15f259e46f1fbe6819640968266f22eeb3074827892102761bc453
                                                                                                                            • Instruction Fuzzy Hash: 1B12DFB0600B109FD7249F39D9827A37BF5FF45314F144A2DE89A8B791E334A845CB92
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: _a c
                                                                                                                            • API String ID: 0-3120592319
                                                                                                                            • Opcode ID: aa8d2a174cf78a4ef7b8da4f8d16818e51647d57595c55f9a3c8001e9ea88b78
                                                                                                                            • Instruction ID: d87b54689a0d34195d1aa29ab65875cfae5c5e1f8e6f7b67520effb15694a4ca
                                                                                                                            • Opcode Fuzzy Hash: aa8d2a174cf78a4ef7b8da4f8d16818e51647d57595c55f9a3c8001e9ea88b78
                                                                                                                            • Instruction Fuzzy Hash: 0E12E1B0600B109FD7249F39D9827637BF4FF45314F144A2DE89A8B795E334A855CB92
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: %1.17g
                                                                                                                            • API String ID: 0-1551345525
                                                                                                                            • Opcode ID: 7e9c932a37836e83150f89e328236420ec33deca25beee19d50350f01dbd34f2
                                                                                                                            • Instruction ID: 951c7fc816c5fced4fd325e71cabdd2f747a691b30adde0f038d79d4ba12f8e7
                                                                                                                            • Opcode Fuzzy Hash: 7e9c932a37836e83150f89e328236420ec33deca25beee19d50350f01dbd34f2
                                                                                                                            • Instruction Fuzzy Hash: 1F12D7B2A04B41CBE7158E18D4803AAB7D6FFE1318F19856DD8A9CB351E7B1DC85C781
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: "
                                                                                                                            • API String ID: 0-123907689
                                                                                                                            • Opcode ID: 27efb59d8c3a42815183dfd79f844d8e56b1619eee6eb80f319402ff221c0e9a
                                                                                                                            • Instruction ID: ed1fbf0cfdc88a2a5117d64d3234435721a7744d8a182d9705b932fd5697b741
                                                                                                                            • Opcode Fuzzy Hash: 27efb59d8c3a42815183dfd79f844d8e56b1619eee6eb80f319402ff221c0e9a
                                                                                                                            • Instruction Fuzzy Hash: 05D1D2B2A083149BD725CE28C89176BB7E9FBD4314F18896DE989C7382E734DD4487D2
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: _a1c
                                                                                                                            • API String ID: 0-3923334831
                                                                                                                            • Opcode ID: ff8ab369c70a7380ad1d9f91ca6d98d25b54fac2f3efb36ce3647e6a5f456fa3
                                                                                                                            • Instruction ID: 6d822f1a2e5d46b95202eb3ae1fac8df0a5334ab5bba7d5c4e292adc449255e4
                                                                                                                            • Opcode Fuzzy Hash: ff8ab369c70a7380ad1d9f91ca6d98d25b54fac2f3efb36ce3647e6a5f456fa3
                                                                                                                            • Instruction Fuzzy Hash: CBC1FDB55093018BD7108F28C89136BBBE2FFD6754F188A1CE4C49B3A5E7798942CB86
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: g
                                                                                                                            • API String ID: 0-30677878
                                                                                                                            • Opcode ID: 662c18780bd62e4af2d04acc1e89b7fe989686818ca90a4d860c257bc60228ee
                                                                                                                            • Instruction ID: 66bf39808326ee2a50b938e8f533396a69c720b29cefd4ecf0ca4a8508491cd8
                                                                                                                            • Opcode Fuzzy Hash: 662c18780bd62e4af2d04acc1e89b7fe989686818ca90a4d860c257bc60228ee
                                                                                                                            • Instruction Fuzzy Hash: 24C1BA72608A168BD30CDE3888915BBB392FBC5320F50DB3DD59BC76D5DB35A8068B81
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 0-3916222277
                                                                                                                            • Opcode ID: b76b8c449249f83d27fdc07eb7d515364c1f19ee1d024c38be8de42568a512a5
                                                                                                                            • Instruction ID: 4be50677bc06411aa8cd446ee988ced4aaa86ae995ea6d2843f3811a82f3b8be
                                                                                                                            • Opcode Fuzzy Hash: b76b8c449249f83d27fdc07eb7d515364c1f19ee1d024c38be8de42568a512a5
                                                                                                                            • Instruction Fuzzy Hash: 03B1FE3250C6569BC709DF29D8814E6B7E2EBD6720F1487ADE49A8B282DB319907C781
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 9
                                                                                                                            • API String ID: 0-2366072709
                                                                                                                            • Opcode ID: 8b6b3e7c72407bfd707bb24f12de45131bfba6c402101768cbf744ef1dda1027
                                                                                                                            • Instruction ID: f19d449e8b50ce5c2b03caa389feae3412d5ae0f1dde931989aabcc743ea562d
                                                                                                                            • Opcode Fuzzy Hash: 8b6b3e7c72407bfd707bb24f12de45131bfba6c402101768cbf744ef1dda1027
                                                                                                                            • Instruction Fuzzy Hash: D6B1EA324087268BD32DDF29D8854E2B3D2FBC5314FA08A6DD486CB195EB75651BCBC1
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 8977
                                                                                                                            • API String ID: 0-400282742
                                                                                                                            • Opcode ID: abc49db73c8cd7c196f85d62b5a9929a8828bb3af80955749a2e31bacc4da5a5
                                                                                                                            • Instruction ID: 35d4ac066d9ce6a1e6d30f8b349b3c34b15ce427f336825c4b4c7fddad5eac5f
                                                                                                                            • Opcode Fuzzy Hash: abc49db73c8cd7c196f85d62b5a9929a8828bb3af80955749a2e31bacc4da5a5
                                                                                                                            • Instruction Fuzzy Hash: 68A12072A043115BE724DF288C8176BB7EAFBC6715F09492CED95D3252EE34EC098792
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: g
                                                                                                                            • API String ID: 0-30677878
                                                                                                                            • Opcode ID: 825eb8cd2197169fd021972528d33b0163a2748db2831c5c44427dce3fcd8fbf
                                                                                                                            • Instruction ID: 932340bfec745dfb79c381f58031e6844eef20a2ec4de0f958190ee847e81e48
                                                                                                                            • Opcode Fuzzy Hash: 825eb8cd2197169fd021972528d33b0163a2748db2831c5c44427dce3fcd8fbf
                                                                                                                            • Instruction Fuzzy Hash: AE91D676918A0E8BC31CDA29D8425F673D2FBC6320F50873EDAC7C76D6DA3494078685
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: d
                                                                                                                            • API String ID: 0-2564639436
                                                                                                                            • Opcode ID: 838b0a382ffe5e676b9f04141742db17a8f3b45969d84c20f84fee9b62dee7d9
                                                                                                                            • Instruction ID: ac3db12fb38b3dca6d8f7b3a102bfa753ca4de2f4f9e4a5bf93affad370bb851
                                                                                                                            • Opcode Fuzzy Hash: 838b0a382ffe5e676b9f04141742db17a8f3b45969d84c20f84fee9b62dee7d9
                                                                                                                            • Instruction Fuzzy Hash: 70A199326186028BD71CEF69C8914F673E2FBD5310B20863EE597C75D9E735A80ACB80
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: +
                                                                                                                            • API String ID: 0-2126386893
                                                                                                                            • Opcode ID: 8930c45f54abed4365ec277d1fe40fa223eafea0524f82829753c976bce43376
                                                                                                                            • Instruction ID: bf83cc3a417a6bbd8c14a08cec79ca29681c5d160ab8e318c1050e5ee39b825d
                                                                                                                            • Opcode Fuzzy Hash: 8930c45f54abed4365ec277d1fe40fa223eafea0524f82829753c976bce43376
                                                                                                                            • Instruction Fuzzy Hash: 9F91B93121C6468BC31CEB28D8926FAB3E5EBC5304F508A3DD4DB871C2DB39940ACB45
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: &
                                                                                                                            • API String ID: 0-1010288
                                                                                                                            • Opcode ID: 19c4b26c89a4a7cf2fe727ee5b5af5047d9a18887c45403fdf6f0112a4b567ba
                                                                                                                            • Instruction ID: ed390ea19045790e782f32ba376418ba2e98ba6a569afe7e282123615fad376c
                                                                                                                            • Opcode Fuzzy Hash: 19c4b26c89a4a7cf2fe727ee5b5af5047d9a18887c45403fdf6f0112a4b567ba
                                                                                                                            • Instruction Fuzzy Hash: 81A165361186078BC328EF28E9514FAB3A1EBC5311F648B3ED59BCB2D5EB395116CB41
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: L
                                                                                                                            • API String ID: 0-2909332022
                                                                                                                            • Opcode ID: ad359a785ea39deef6ca4860b465ffe2e6c146bc478d2c3d91ef7c56a50c9739
                                                                                                                            • Instruction ID: e7f6a108117c417758d587b25f0c1b2921c536b9ac30b432ec25c60f9d658982
                                                                                                                            • Opcode Fuzzy Hash: ad359a785ea39deef6ca4860b465ffe2e6c146bc478d2c3d91ef7c56a50c9739
                                                                                                                            • Instruction Fuzzy Hash: 919199356087A64BC318EA29D8501FBB7D2EBC5320F14CA3EE59AC76C4E779950ACB41
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID: InA>
                                                                                                                            • API String ID: 2994545307-2903657838
                                                                                                                            • Opcode ID: 323054061acfba6d55710e5513f906b886c664c39d1a2e7966224f86c0f8aff0
                                                                                                                            • Instruction ID: ab0348c1dc9a5172a745e4ba763ebabf18b3255d77791f06676b0df25a5f875c
                                                                                                                            • Opcode Fuzzy Hash: 323054061acfba6d55710e5513f906b886c664c39d1a2e7966224f86c0f8aff0
                                                                                                                            • Instruction Fuzzy Hash: C0610331A4830D5BD724DE68CD8072AB7E2FBC8315F24893CE795CB2A7E6719C058B55
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: :
                                                                                                                            • API String ID: 0-336475711
                                                                                                                            • Opcode ID: 8f8f55a4e0df3e7d9dddf5bfcdac3a63175fb32b6bcb7e7bc2bb9181dbd04b54
                                                                                                                            • Instruction ID: da9b706cfd06283096c5eee6f4de371fd8b0a36497d3a6b837637c3e61485f9c
                                                                                                                            • Opcode Fuzzy Hash: 8f8f55a4e0df3e7d9dddf5bfcdac3a63175fb32b6bcb7e7bc2bb9181dbd04b54
                                                                                                                            • Instruction Fuzzy Hash: E271ED31128A2A4BC308EA6CE4558F677D1EBD5330F64877DE8E6C3596DB29891B8B40
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 8977
                                                                                                                            • API String ID: 0-400282742
                                                                                                                            • Opcode ID: 1f97ad247acdc184c32ab437ac0412dc111277914a3e17bb8d316b24eed2eb90
                                                                                                                            • Instruction ID: 118e3c543f47d42822139db4370b81d77f48bf885597794c6b92bdc5dc419165
                                                                                                                            • Opcode Fuzzy Hash: 1f97ad247acdc184c32ab437ac0412dc111277914a3e17bb8d316b24eed2eb90
                                                                                                                            • Instruction Fuzzy Hash: EB5168327042155BD7289A2C8D9172B77D2FBD6325F29863CED95DB3D2EE30AC098780
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: !
                                                                                                                            • API String ID: 0-2657877971
                                                                                                                            • Opcode ID: 252747a86d085a06517e30845793d465095e7e7a43fa955f369434e1570d7b6f
                                                                                                                            • Instruction ID: 423419dc29178f39119d805ecb4a1ec988ca38113ff71b304d4f76643a90a519
                                                                                                                            • Opcode Fuzzy Hash: 252747a86d085a06517e30845793d465095e7e7a43fa955f369434e1570d7b6f
                                                                                                                            • Instruction Fuzzy Hash: 9561DE3131870A8BC32DAA28D8558B673D2EBC6325F64877ED593CB1D1DF259807CA82
                                                                                                                            Strings
                                                                                                                            • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0081E12B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                            • API String ID: 0-2471034898
                                                                                                                            • Opcode ID: 1a7013a717b4bb1d9b77f72a5c60182c754e598da45e75f3bae4b8cd3d574cad
                                                                                                                            • Instruction ID: e9580caabefce1027841b54af59c472a55e7adc50f125d8bbc51db22f2f7ef3b
                                                                                                                            • Opcode Fuzzy Hash: 1a7013a717b4bb1d9b77f72a5c60182c754e598da45e75f3bae4b8cd3d574cad
                                                                                                                            • Instruction Fuzzy Hash: 9B514933E19AA45BC714893C4C012E97A5BBFD6334B2DC3A6EDB1DB3D5C96A8D424390
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: A
                                                                                                                            • API String ID: 0-3554254475
                                                                                                                            • Opcode ID: 01ef76c55d3958c6c6cbac73f8579a879ec0cea57fc3bff16ccb6fb0b6b65a38
                                                                                                                            • Instruction ID: 4ea53476c06e5db6e40525bb5c1b918962b5afb92e973486b650856173ccfdf8
                                                                                                                            • Opcode Fuzzy Hash: 01ef76c55d3958c6c6cbac73f8579a879ec0cea57fc3bff16ccb6fb0b6b65a38
                                                                                                                            • Instruction Fuzzy Hash: 7861A6392082578BC71DEE3CA4815FA7392EBC5311F688A3DD19BC71D8DB38641AC701
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: g
                                                                                                                            • API String ID: 0-30677878
                                                                                                                            • Opcode ID: 3d626501c55585c8dd8ff55657c258d9c3b56e003792bcaff9b25c5134800397
                                                                                                                            • Instruction ID: cf362855e71575e8cae91dceab203d14f17c3858f4eb39cd4fc4dd4ff5894628
                                                                                                                            • Opcode Fuzzy Hash: 3d626501c55585c8dd8ff55657c258d9c3b56e003792bcaff9b25c5134800397
                                                                                                                            • Instruction Fuzzy Hash: F551DA36514A268BD31CD92C88A21F6B386F7C6321F44823ED55BC76D9EF79A5068280
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: E
                                                                                                                            • API String ID: 0-3568589458
                                                                                                                            • Opcode ID: 9ab90b0815ff1f479049632eaff4380d56f54f145510b52551596628210a5f05
                                                                                                                            • Instruction ID: ec165ca9d2054cc25a353762b4dace578688910e54f2de966775510f1bba3dac
                                                                                                                            • Opcode Fuzzy Hash: 9ab90b0815ff1f479049632eaff4380d56f54f145510b52551596628210a5f05
                                                                                                                            • Instruction Fuzzy Hash: C36175355083628BD30DEF28D4909EAB3E2EBD2320F50CA7ED196CB5C5DB39551ACB80
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: g
                                                                                                                            • API String ID: 0-30677878
                                                                                                                            • Opcode ID: fef18053fac39e96818fa3c544b0666b7d555774dfbc9e11ee2677a5dfe181ae
                                                                                                                            • Instruction ID: 2d03477042a116d6f4808fcd4a26ba187a9246343b5d155a27471884c52ae7ec
                                                                                                                            • Opcode Fuzzy Hash: fef18053fac39e96818fa3c544b0666b7d555774dfbc9e11ee2677a5dfe181ae
                                                                                                                            • Instruction Fuzzy Hash: 9151773251C70A8AD31CEF28E8425BBB3E1EBD1321F20967ED58AC3592EB759412C756
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: >ebg
                                                                                                                            • API String ID: 0-4222723227
                                                                                                                            • Opcode ID: d72507aebaadd30abb4275683c8ddeb160b985be0c8d34d9105457ac27c993ba
                                                                                                                            • Instruction ID: 30afbb52fafe69ea5ac864733335d89e69c77b5e670445da7523ec2085683f55
                                                                                                                            • Opcode Fuzzy Hash: d72507aebaadd30abb4275683c8ddeb160b985be0c8d34d9105457ac27c993ba
                                                                                                                            • Instruction Fuzzy Hash: 035148225483558FD7288B288480767BBD1FFD6350F0A8678D9E18B3D2D2358909D3D3
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ;?
                                                                                                                            • API String ID: 0-514393361
                                                                                                                            • Opcode ID: 9460c212049383bb352e480f74d0c9ba4b06b3fd9d19f797a45dc7791988b95c
                                                                                                                            • Instruction ID: 7d89402fa3efae10f61177d606c19eeec0e1dfede448ae78aaaf3ce5e17599d4
                                                                                                                            • Opcode Fuzzy Hash: 9460c212049383bb352e480f74d0c9ba4b06b3fd9d19f797a45dc7791988b95c
                                                                                                                            • Instruction Fuzzy Hash: AC5175345087028BD708EF38D8515EBB3E2EFC9324F508B3DE49687A90E774981ACB95
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: C
                                                                                                                            • API String ID: 0-1037565863
                                                                                                                            • Opcode ID: 98f02d864c7efaf1488b75c8119da351f21e2a52d7f568168819ffa3947fa9a5
                                                                                                                            • Instruction ID: 57f64c686784b4bc27381a03a7b14016136f8f502ab6b60830d0f5d41a6433ca
                                                                                                                            • Opcode Fuzzy Hash: 98f02d864c7efaf1488b75c8119da351f21e2a52d7f568168819ffa3947fa9a5
                                                                                                                            • Instruction Fuzzy Hash: D051AD362192168BC718EF6DE8110EF73E2FBD8300F25C93ED186CB695DB35481A8B81
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: g
                                                                                                                            • API String ID: 0-30677878
                                                                                                                            • Opcode ID: 6c96f48346ca5810577366c2d3f63e8efc61b0efe07a55974589cc73bdcaae86
                                                                                                                            • Instruction ID: 0e6e5a7a3b6be37a7ad8acf1f800f346593e5ff7259c4d8db609b487897f5e8b
                                                                                                                            • Opcode Fuzzy Hash: 6c96f48346ca5810577366c2d3f63e8efc61b0efe07a55974589cc73bdcaae86
                                                                                                                            • Instruction Fuzzy Hash: 0641873261860A8BC31CDF2CE9C65BAB3E9FBC4311F64863ED58BC3591EB74511A8685
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: "
                                                                                                                            • API String ID: 0-123907689
                                                                                                                            • Opcode ID: 0a337889224c764d010fb063989f173144943323fb692702b6671d99356d0558
                                                                                                                            • Instruction ID: 08f6e535a07b34970e3b4154dbc8976f23be1b55829da3e862ba7513b55253bb
                                                                                                                            • Opcode Fuzzy Hash: 0a337889224c764d010fb063989f173144943323fb692702b6671d99356d0558
                                                                                                                            • Instruction Fuzzy Hash: 4F516A3654C7428FC319EF3C98694A9BBE2EFD6310B2486BED092C75D1DB715016EB02
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: *
                                                                                                                            • API String ID: 0-163128923
                                                                                                                            • Opcode ID: b164198cbb187576efaaa8913cd3556f47c5c2088072b8202fb49aaf8773f3d3
                                                                                                                            • Instruction ID: d39203b59237d9ffe7ab394d30f51654bd9eed58e4bfa9e6ef314acae391400b
                                                                                                                            • Opcode Fuzzy Hash: b164198cbb187576efaaa8913cd3556f47c5c2088072b8202fb49aaf8773f3d3
                                                                                                                            • Instruction Fuzzy Hash: 9C5148765187128FC308EF29D9802BEB3E1BFD5310F118A2DE5D987285D739980ACB82
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: z
                                                                                                                            • API String ID: 0-1657960367
                                                                                                                            • Opcode ID: 884a6380ad4f0287cacc604c6d4c89f882129bf3490aab09409d3323766334d0
                                                                                                                            • Instruction ID: 029b5fbf9bdd908bd0afc7e945efde7bedd6dae93c46c9a8a5e6a7716e6bb045
                                                                                                                            • Opcode Fuzzy Hash: 884a6380ad4f0287cacc604c6d4c89f882129bf3490aab09409d3323766334d0
                                                                                                                            • Instruction Fuzzy Hash: 0F5178315187028BE71CEB38D8519EBB3D2EBD5360F608A7ED059CBAC1D779940ACB45
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4;
                                                                                                                            • API String ID: 0-1274546220
                                                                                                                            • Opcode ID: f542855982292a85faebd6f7dcda25a507f57326286a01b107c702669de3163a
                                                                                                                            • Instruction ID: d86a2257713c2972e12f7742416c3b4175ca7ffadd782923349e21785ca383ae
                                                                                                                            • Opcode Fuzzy Hash: f542855982292a85faebd6f7dcda25a507f57326286a01b107c702669de3163a
                                                                                                                            • Instruction Fuzzy Hash: 665185362282924BC709EF7C94944ABB3E2FBC5310F60CA3CC496CB8D4E735911ACB41
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: j
                                                                                                                            • API String ID: 0-2137352139
                                                                                                                            • Opcode ID: 08d0d73861b26efb465f497b60fc13b231c019f0526407f8bd117eafe128491c
                                                                                                                            • Instruction ID: d2e56e85b5b1a39b78131a2969ffd37bdd4d4784f399a312ab8be8dfdfd5c4ea
                                                                                                                            • Opcode Fuzzy Hash: 08d0d73861b26efb465f497b60fc13b231c019f0526407f8bd117eafe128491c
                                                                                                                            • Instruction Fuzzy Hash: 3A416A726187128BD318EF28E4846AB7BE3FBC5310F248A3EE586C3195D73A5419CB41
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: N
                                                                                                                            • API String ID: 0-1130791706
                                                                                                                            • Opcode ID: c4d61b3b4a23a47cb729e1908c8f49c9e79d42e7714c7ff4c4015304c8ce51c9
                                                                                                                            • Instruction ID: a74de743a57f6c79763183ffc8c00551b7f889515c32cc4e702e3df438303693
                                                                                                                            • Opcode Fuzzy Hash: c4d61b3b4a23a47cb729e1908c8f49c9e79d42e7714c7ff4c4015304c8ce51c9
                                                                                                                            • Instruction Fuzzy Hash: 5441673120C35A8FD718EB29E4800ABB7E6EFD6324F28C93ED492D7185E6791509CB46
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: m
                                                                                                                            • API String ID: 0-3775001192
                                                                                                                            • Opcode ID: 057eddc4bb4f9164777988625b1d8620ff4c2eb52f2415d47cd4b4c8849cc5a4
                                                                                                                            • Instruction ID: 9e664158fef6011e2a3e7beb13b59e4c48801aae7212c4f74b20c6e81e06040f
                                                                                                                            • Opcode Fuzzy Hash: 057eddc4bb4f9164777988625b1d8620ff4c2eb52f2415d47cd4b4c8849cc5a4
                                                                                                                            • Instruction Fuzzy Hash: 9C4179352187128BE71CDB38D4545EA73E2EBD5320F548B7ED0598B5C6C7B5640ACB08
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 5
                                                                                                                            • API String ID: 0-2226203566
                                                                                                                            • Opcode ID: a317963dcd32a65f4676c69d47b18ca8571ae166098309b8586d389d6ababbee
                                                                                                                            • Instruction ID: da9e4765e282d2c83217928c3d806458e08857b6f8cde96bb36c4c589353c352
                                                                                                                            • Opcode Fuzzy Hash: a317963dcd32a65f4676c69d47b18ca8571ae166098309b8586d389d6ababbee
                                                                                                                            • Instruction Fuzzy Hash: EE4154320186064BC31CEF7CA8558F6B391EF99311F64D63DE5DAC38D4DB2584469B08
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: V
                                                                                                                            • API String ID: 0-1342839628
                                                                                                                            • Opcode ID: 5e03c7920016520fd965c33f67cd0c5eda8b938cc52451a5d105112c1a6bdbc4
                                                                                                                            • Instruction ID: 7cf10cbba98078c5cdc54e04b8df610993420275193b758fb5c663ddb30be0d1
                                                                                                                            • Opcode Fuzzy Hash: 5e03c7920016520fd965c33f67cd0c5eda8b938cc52451a5d105112c1a6bdbc4
                                                                                                                            • Instruction Fuzzy Hash: 9041253610C3428BD708EF69E8514BAB7E2FFE1320F68CE3DD49A86491E735451ACB12
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: g
                                                                                                                            • API String ID: 0-30677878
                                                                                                                            • Opcode ID: 9ed91c37d5f21b3714a3e4fed488a3e36f050ecb73eae87d8b9b3a3d88f4f349
                                                                                                                            • Instruction ID: 78b64e2ce05242597b3061903b56b7c0e89b94b87ab5a6947ba47e1a99439aff
                                                                                                                            • Opcode Fuzzy Hash: 9ed91c37d5f21b3714a3e4fed488a3e36f050ecb73eae87d8b9b3a3d88f4f349
                                                                                                                            • Instruction Fuzzy Hash: 5731C8720682598FE70CEB6CD8428FB77A1EBC6321F64C23EC48387483D229511BCB06
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID: @
                                                                                                                            • API String ID: 2994545307-2766056989
                                                                                                                            • Opcode ID: 287eeaafd4a5a2df0e6ef6aafe00474908f358fcdf4d4550f62375f54d28b624
                                                                                                                            • Instruction ID: 6df931d1d92e4d5e2d66c626cac1cf50a1d93a80ce19fa82ac0c557a8099e04d
                                                                                                                            • Opcode Fuzzy Hash: 287eeaafd4a5a2df0e6ef6aafe00474908f358fcdf4d4550f62375f54d28b624
                                                                                                                            • Instruction Fuzzy Hash: EE3133715083049BD328DF68D8D16AFB7F5FBD5318F04A92CEA8587381D3789888CB96
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a8ab91d96b614ffc32b5fa80087b3f1f2b0063c5578c7861bfb2dfe3bef1e3c0
                                                                                                                            • Instruction ID: 35af365af66f293469477614e6fc15e49ef7f4457e5a74470232ebf74f6bfedf
                                                                                                                            • Opcode Fuzzy Hash: a8ab91d96b614ffc32b5fa80087b3f1f2b0063c5578c7861bfb2dfe3bef1e3c0
                                                                                                                            • Instruction Fuzzy Hash: 8F421431A18311CFCB08CF68E8A166AB7F1FB89316F0984BDD986A7351D7349E45CB81
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f2c3befec7e328fd0a647f51c71b9aa57b1f597ad59815ac71e6485802cd9ee9
                                                                                                                            • Instruction ID: 1c1cd75a5f9584216d616218f0bef6cc101708001c062f85e55a672c52010c12
                                                                                                                            • Opcode Fuzzy Hash: f2c3befec7e328fd0a647f51c71b9aa57b1f597ad59815ac71e6485802cd9ee9
                                                                                                                            • Instruction Fuzzy Hash: E1320331A08351CFCB08CF68E8A166AB7F1FB89316F0944BDD986A7351DB349E45CB81
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6651b1095558d970ef62b5f41a450cd9c6a3b20614b4b8dc8311f196beaeea5f
                                                                                                                            • Instruction ID: b5d934dcf70c424c4f31e3c266a7da0876692d97586233502d3edaca9fdf2785
                                                                                                                            • Opcode Fuzzy Hash: 6651b1095558d970ef62b5f41a450cd9c6a3b20614b4b8dc8311f196beaeea5f
                                                                                                                            • Instruction Fuzzy Hash: 6F729EB0608F808ED3268B3C8845797BFD5AB5A324F184A6DD0EEC73D2C7756509CB66
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cb1bcb70acbfee4e27b4b6e957280d31536ee8554e67a9fbc0ed815040a97e41
                                                                                                                            • Instruction ID: 094fb0d512ae5ad1a6e2d239fefd8fb7469eb57886c23a631f17329243a4ad1c
                                                                                                                            • Opcode Fuzzy Hash: cb1bcb70acbfee4e27b4b6e957280d31536ee8554e67a9fbc0ed815040a97e41
                                                                                                                            • Instruction Fuzzy Hash: F96270F0611B009FC3A1CF6D8892B82BBECBB0D751F00495DA5AED7351D77569088F66
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b1c0a514269d6fcaccdb18de83aa07a17cb71578b91ccb2d626c46233c4fd06d
                                                                                                                            • Instruction ID: 135221a27d7374f5cac1468a0c0d677eee375894113eed322a4e6ca92339ea0e
                                                                                                                            • Opcode Fuzzy Hash: b1c0a514269d6fcaccdb18de83aa07a17cb71578b91ccb2d626c46233c4fd06d
                                                                                                                            • Instruction Fuzzy Hash: 1F52BF3150C3498BCB15CF28C0806EABBF5FF99318F198A6DE89A97351D774D989CB81
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 41cf69de1d4e456d8f84cffc09728290288dafaa5b11e95af6da423d564b0ed0
                                                                                                                            • Instruction ID: a193e84422603a5b3a2226c36dcfe60fb3c1be9012b07643e2fa66a2a8e9935b
                                                                                                                            • Opcode Fuzzy Hash: 41cf69de1d4e456d8f84cffc09728290288dafaa5b11e95af6da423d564b0ed0
                                                                                                                            • Instruction Fuzzy Hash: 65120531A08351CFCB08CF28D8A166EBBF1FF89315F1985ADD99697391DB349A05CB81
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1e03848695edb9c7576e03f9d8d44702e5f7b93e84abcbc0155061828c85ecd7
                                                                                                                            • Instruction ID: b20e35b45b681bd31f3eba301a5cdeee05fcbbd6af81567a03caf325bcb5b85d
                                                                                                                            • Opcode Fuzzy Hash: 1e03848695edb9c7576e03f9d8d44702e5f7b93e84abcbc0155061828c85ecd7
                                                                                                                            • Instruction Fuzzy Hash: 7812E431A08351CFCB18CF68E89066AB7F1FF89319F1984BDE58A97351DB349A45CB81
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9a76f43f9fe990f747d7c375593ff1ab373edc1d35ce6756844ae8345fd710c3
                                                                                                                            • Instruction ID: 5aabb1961bc54541fd1fe75f41ef292da9b9a89070539e3d5482547a7c216d66
                                                                                                                            • Opcode Fuzzy Hash: 9a76f43f9fe990f747d7c375593ff1ab373edc1d35ce6756844ae8345fd710c3
                                                                                                                            • Instruction Fuzzy Hash: 8E421171518B148FC368CF29C5905AABBF6FF85710B604A2ED6A787F90D736B885CB10
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bccf84cf9b8f6cf3ad4bae2c43e684d02fb0d27eda57d0ab6e68ce93c696566c
                                                                                                                            • Instruction ID: 503d0f1b1bfb4facd8ad9271f5c7ce06ca2bbf3899ef01472b365272f3ee66c2
                                                                                                                            • Opcode Fuzzy Hash: bccf84cf9b8f6cf3ad4bae2c43e684d02fb0d27eda57d0ab6e68ce93c696566c
                                                                                                                            • Instruction Fuzzy Hash: 62F1BC71A04355CFDB08CF68D8916AEBBB2FF8A311F2985A8D451AB391D335AD41CF90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: aad8535dfd53d9d0d7fb6daefe3d9810c80ddadcd2cb6d4a4dd11235814260fe
                                                                                                                            • Instruction ID: 4588653cf3d50078645317e2f0223fd28b038f5c106493757bcf4fcc738b183e
                                                                                                                            • Opcode Fuzzy Hash: aad8535dfd53d9d0d7fb6daefe3d9810c80ddadcd2cb6d4a4dd11235814260fe
                                                                                                                            • Instruction Fuzzy Hash: 3BD16B726483044BDB189E2888816AB77E2FFD5314F19852CE9D5CB392E3789D0A97C3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 903c1a8375b043cd479242b10a1a3b7caa97cabac533b27af5b929761f748981
                                                                                                                            • Instruction ID: 84fa6b6bc4757517d10fd705304f35c7f986fd3e4743ba83f9d5e552617aa3bc
                                                                                                                            • Opcode Fuzzy Hash: 903c1a8375b043cd479242b10a1a3b7caa97cabac533b27af5b929761f748981
                                                                                                                            • Instruction Fuzzy Hash: 88123275608340DFD714CF28D890B9ABBE1BF8830AF18896CE58987391D739D995CF92
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 539d7a8ea2468a6daef91cf5bf7f4511696451d1220c81ba93867f01c880ff64
                                                                                                                            • Instruction ID: 2f031f18d9aeccea93b4ceb33f103b5d89faecfd21b8dd37c7626573a40563b8
                                                                                                                            • Opcode Fuzzy Hash: 539d7a8ea2468a6daef91cf5bf7f4511696451d1220c81ba93867f01c880ff64
                                                                                                                            • Instruction Fuzzy Hash: 63C1E332A05215CFCB18CF68DC902AEBBF2FB89315F1984BDD985E7341DB349A058B91
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: afe845af7c74b6b87cdf8b95eec76e765ab9a5a9fcd3a18c546276246ae496d2
                                                                                                                            • Instruction ID: 21d5f60da4773f7e090b9ed8b86c050571902ee3b4217cfbee88dcc0bccf0cc1
                                                                                                                            • Opcode Fuzzy Hash: afe845af7c74b6b87cdf8b95eec76e765ab9a5a9fcd3a18c546276246ae496d2
                                                                                                                            • Instruction Fuzzy Hash: 75D112B55047418FD724CF28D881763BBE2FF59314F188968E89ACB792E734E886CB51
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f564ef8ddd68ba63a4aae7c67abed358b324630ef6690362dffd20124c30bc5f
                                                                                                                            • Instruction ID: 34501b781315b9da6a5e5ee125df52633a8dce63ab88744c9e629b3705b0ac7d
                                                                                                                            • Opcode Fuzzy Hash: f564ef8ddd68ba63a4aae7c67abed358b324630ef6690362dffd20124c30bc5f
                                                                                                                            • Instruction Fuzzy Hash: 61E18A711093458FC725CF69C880AABBBE5FFA8300F44882DE4D987751E375E988CB92
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f9136dc5f38f7e19e1fdb048f7b83bc4e2fdc2735546cc33c462cda442fbe067
                                                                                                                            • Instruction ID: 901c12962f2a8b27692eb28201679048e52df8f924ad2e638e3978e5e001df19
                                                                                                                            • Opcode Fuzzy Hash: f9136dc5f38f7e19e1fdb048f7b83bc4e2fdc2735546cc33c462cda442fbe067
                                                                                                                            • Instruction Fuzzy Hash: C6D1D171A0C3A54FC725CF28C49062AFBE1FF95214F0986BEE9E58B353D6319845CB92
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5b8399e848cd875c38517825f1549d04d06f74960938bb009e02c806da9e56d7
                                                                                                                            • Instruction ID: ff68c47934d024e5cf3bd8536ab5e6e88dac581ab2091136dc1c753f31270d76
                                                                                                                            • Opcode Fuzzy Hash: 5b8399e848cd875c38517825f1549d04d06f74960938bb009e02c806da9e56d7
                                                                                                                            • Instruction Fuzzy Hash: 54D12B72D046998FDB11CABCC88039DBFA2AB57324F1D8295D5A4EB3C6C6768C06C761
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e32ac99dd114a8f41121854ee3f11b01bd397d71990e990a5b8996cf8cef09a8
                                                                                                                            • Instruction ID: 59e6e227a534eb530c5764c3c43d6fd91f22d13ee7414ff00bdd1f7d20718224
                                                                                                                            • Opcode Fuzzy Hash: e32ac99dd114a8f41121854ee3f11b01bd397d71990e990a5b8996cf8cef09a8
                                                                                                                            • Instruction Fuzzy Hash: 98C1C1B15083828FC714CF28D49126BB7E2FBD9314F18896EE5D987252E339D949CB93
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6165e55e5544c7129c6459a268e9a9e1fef4d63bb73f8d9c8895b5305c57820e
                                                                                                                            • Instruction ID: 5637af2e9d4dc50fb5e220c8b6bf46c6d93ceba3edc706367633c5be26e25e95
                                                                                                                            • Opcode Fuzzy Hash: 6165e55e5544c7129c6459a268e9a9e1fef4d63bb73f8d9c8895b5305c57820e
                                                                                                                            • Instruction Fuzzy Hash: E891DD75208341DFD7189F28DC815AAB7E5FBDA309F08582CE5C5C32A2D739D916CB82
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e92871d84437d453c3a75988e3ddb5b4f58f7ec94500d5ed16dccea4189ac58f
                                                                                                                            • Instruction ID: af34bcb1b45db3980d4124b949b015792d5e1cd29eaaa64a33c8720c5e8e1bf2
                                                                                                                            • Opcode Fuzzy Hash: e92871d84437d453c3a75988e3ddb5b4f58f7ec94500d5ed16dccea4189ac58f
                                                                                                                            • Instruction Fuzzy Hash: 9C81F5B2A083545BE7258E29C88176BBBE5FBD1308F09897CE895CB2C1E774DC0987D1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2fba7223acfd10db0f391d351cfcbf7d6592e11471e579e9e97b846370c549f3
                                                                                                                            • Instruction ID: 8fdb77389dc48b26ec61b8d2e0864e6c45e1a932c0765f1bd5dd8fbb4ed91a9b
                                                                                                                            • Opcode Fuzzy Hash: 2fba7223acfd10db0f391d351cfcbf7d6592e11471e579e9e97b846370c549f3
                                                                                                                            • Instruction Fuzzy Hash: 34C16DB29487418FC320CF68DC96BABB7E5FF85318F08492DD1D9C6242E778A195CB46
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 940d3fc65e929eaf0b3a4cc35336f5e1c7dd21536a2ccbe3ad79d87c8dabd712
                                                                                                                            • Instruction ID: 671b51c4f161d9004c7e68cf0f65d25b8490123b2acde6fc095b51367ab52854
                                                                                                                            • Opcode Fuzzy Hash: 940d3fc65e929eaf0b3a4cc35336f5e1c7dd21536a2ccbe3ad79d87c8dabd712
                                                                                                                            • Instruction Fuzzy Hash: F1A1DE756087119BC724CF28C8A066EB7F2FB89752F14892CEE858B355E771EC45CB82
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 033cde5b7a8226fa5324fc38e0f1f0eba00e2fee7c83d5439c00a92c3e818f71
                                                                                                                            • Instruction ID: 282f7820b967325e4ef2940c7867a057c491333661a1b6a789f21bba3359c0dc
                                                                                                                            • Opcode Fuzzy Hash: 033cde5b7a8226fa5324fc38e0f1f0eba00e2fee7c83d5439c00a92c3e818f71
                                                                                                                            • Instruction Fuzzy Hash: 08B1137260C3888AD3149A38895436BBFD2FBD9328F198A2EE5D6C33D6D774C9048717
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f9b1e0c695c516f1251042fde56747ceffd01dcaf599c286d85d600983a2cf76
                                                                                                                            • Instruction ID: 0d940af635fa912f7aaa2e12d46b9c695b6cd17cae9361609c529b02134a4ff0
                                                                                                                            • Opcode Fuzzy Hash: f9b1e0c695c516f1251042fde56747ceffd01dcaf599c286d85d600983a2cf76
                                                                                                                            • Instruction Fuzzy Hash: 4CC10471515F808FD3258B38D8583A7BBE5AB56314F188E7DC8EBC73C2D635A1448712
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 7a5364c85f2f1091d181de90a4f09de393edfa8f5e43875a454d6921fd2bff2d
                                                                                                                            • Instruction ID: 7831eec24e539e1c54522fe0078a6b60305690107b0838c4a55a7129558e700f
                                                                                                                            • Opcode Fuzzy Hash: 7a5364c85f2f1091d181de90a4f09de393edfa8f5e43875a454d6921fd2bff2d
                                                                                                                            • Instruction Fuzzy Hash: 5981E335604B129BD718DF28C8A0A2AB7E2FF98711F15852CED85CB361E770EC55CB82
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6cdd4390f4b311d9b20b7ec12a1658262c329f91e116fbbf5e9944914f5fbfc1
                                                                                                                            • Instruction ID: a8bf84c375a2443f0ccac22a878de8a2f964e3f3711b4e3aef225e72be657d72
                                                                                                                            • Opcode Fuzzy Hash: 6cdd4390f4b311d9b20b7ec12a1658262c329f91e116fbbf5e9944914f5fbfc1
                                                                                                                            • Instruction Fuzzy Hash: 79811736608314DFD320CF28E88077AB3F9FB99316F16486CE989C7291D7B59805CB92
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9d197599495319bb6b2da28c72c4654d62be378fc1e461a34429f230d187cb97
                                                                                                                            • Instruction ID: 3390328e25001e25148d6d8edbdc165e773eca165d82dcee6b7e483a1c42fb05
                                                                                                                            • Opcode Fuzzy Hash: 9d197599495319bb6b2da28c72c4654d62be378fc1e461a34429f230d187cb97
                                                                                                                            • Instruction Fuzzy Hash: 3BB1F0B5608B808FD3259B38D4553AABFE0BB56314F484E6DD4EBC7382E235A049CB12
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fb8faee804e823a104e24101c70fdb1ab6c5a7c9383b4e6ba0c93962bc8aa6c7
                                                                                                                            • Instruction ID: 9079228925217f6b7508faf1bb260ba272050a4a908d8b45e9bf47f7e62c3923
                                                                                                                            • Opcode Fuzzy Hash: fb8faee804e823a104e24101c70fdb1ab6c5a7c9383b4e6ba0c93962bc8aa6c7
                                                                                                                            • Instruction Fuzzy Hash: 62B10672A09B808BC3558A38C8983EABFD2AFD5314F1D897CC4DEC7346DA396449C712
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b55ab33ba647fb48d3de2cb58244ec1f648221b48b6d78eb1cd34756bf4c2640
                                                                                                                            • Instruction ID: aa102033d390f4c311f12a236f5efb6708d14d2a200ad9d8fe0ffdeea259777d
                                                                                                                            • Opcode Fuzzy Hash: b55ab33ba647fb48d3de2cb58244ec1f648221b48b6d78eb1cd34756bf4c2640
                                                                                                                            • Instruction Fuzzy Hash: C29156325086468BD318EF28D8505BAB3E1FFC9314F64CA3DD196CB6C9E73499068B41
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2199d5db8f011725805a65f7e69af872dd2df59057d4f4cabfeae211ddd84e5b
                                                                                                                            • Instruction ID: e9b79fc14d16ccfddb76ddc788daf10a3f09165e3c27fb3e32cc6b8c05f928d1
                                                                                                                            • Opcode Fuzzy Hash: 2199d5db8f011725805a65f7e69af872dd2df59057d4f4cabfeae211ddd84e5b
                                                                                                                            • Instruction Fuzzy Hash: 4EA10371A09B808FD3158B38D4953ABBFE2EF96308F0C897CC4DE8B346D67960498712
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 75587898d4b20287e5d10b609ca1fbdbe6397157e5c19bc964121fa90aad5611
                                                                                                                            • Instruction ID: 925378473d8793f5a4c8c06f87f4c0eab49811cb300e06d5b4fc1d0d3a065532
                                                                                                                            • Opcode Fuzzy Hash: 75587898d4b20287e5d10b609ca1fbdbe6397157e5c19bc964121fa90aad5611
                                                                                                                            • Instruction Fuzzy Hash: CEA1C671A09B808FD3159B38D4953ABBFD2AF96308F0D887DC5DE8B347D67964098B12
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 51b6712467a8226cd06661b3003399bfcdd7e525640eadc4fe6be05b9998f49d
                                                                                                                            • Instruction ID: a5336200f8b8ee95e3debc9e8db22c976484017373a2ca280e7ad4d07c5cc518
                                                                                                                            • Opcode Fuzzy Hash: 51b6712467a8226cd06661b3003399bfcdd7e525640eadc4fe6be05b9998f49d
                                                                                                                            • Instruction Fuzzy Hash: CA51B932818E094B971CEF59EC865F6B3C9F785311B10973EC8C7C7086EA3665178AC6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5cddc9d93f46fc96c5a085207a3ad491c4ade6b2b31ddc9f05699258e0bb04d0
                                                                                                                            • Instruction ID: b0e3b5e35657fac8211fbc3ab6147010c87768e4520d1edba602258c8a5e801c
                                                                                                                            • Opcode Fuzzy Hash: 5cddc9d93f46fc96c5a085207a3ad491c4ade6b2b31ddc9f05699258e0bb04d0
                                                                                                                            • Instruction Fuzzy Hash: 38812536A14225CFCB08CF78D89156EB7B2FB8D326F19826DC512A7391D734AA41CF81
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d52402073d743ceefe9f7106761877521b943fd889f171be2b186cfee03376cf
                                                                                                                            • Instruction ID: e4ff88f92be29f0c52f14a84f27fdc53982fcf587a3678a8451461bda19d7469
                                                                                                                            • Opcode Fuzzy Hash: d52402073d743ceefe9f7106761877521b943fd889f171be2b186cfee03376cf
                                                                                                                            • Instruction Fuzzy Hash: BC719736508B168BC72DDA68E4812AAB3D2EBD2310F544B2ED9D2831D6DB355627CAC1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 85bac44199131048f3b12b41b27915c3c447e9605807d7869fa4412110c5d71a
                                                                                                                            • Instruction ID: d70c9ab9923d99fedfdfb1646621f5c1578e329d71a20ea53c668526d538f27b
                                                                                                                            • Opcode Fuzzy Hash: 85bac44199131048f3b12b41b27915c3c447e9605807d7869fa4412110c5d71a
                                                                                                                            • Instruction Fuzzy Hash: 69717975608302CFD708CF14D8A07AA7BE2FB89346F1595ACE88947391C779D985CF81
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4f4149c6a879662732f38c80b86fd1c9fef2020f90ee8c77661a70ac36f690d2
                                                                                                                            • Instruction ID: e40a37fcb0c48d5b79452097bcf555968f6721f97629f293a81778098952c673
                                                                                                                            • Opcode Fuzzy Hash: 4f4149c6a879662732f38c80b86fd1c9fef2020f90ee8c77661a70ac36f690d2
                                                                                                                            • Instruction Fuzzy Hash: E851B032608351CFD318CF38DD8065AB7E1FB8A316F5989ACE899C7250DB389945CB52
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a486db666818c2e1bd888186be0954b1c96f489685e49a8edc7ce2c5e0768d9e
                                                                                                                            • Instruction ID: db0f175bc1a9a232a8e2dfd3d70483cbe8d908a11514139bee6a1268aeae29b5
                                                                                                                            • Opcode Fuzzy Hash: a486db666818c2e1bd888186be0954b1c96f489685e49a8edc7ce2c5e0768d9e
                                                                                                                            • Instruction Fuzzy Hash: F57187352046268BD718EF3CD8909E673E2EBD1310F51873DD056CB5D5EB3AAA1ACB80
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 14fea935e3523c97b77cadddb4e0be65ceefd4ec75d2a0a23106333845e8dbbe
                                                                                                                            • Instruction ID: 09147110aef1665030e7b1885c5c69d41ec0d3feb4d9192b25471dad6a92d20f
                                                                                                                            • Opcode Fuzzy Hash: 14fea935e3523c97b77cadddb4e0be65ceefd4ec75d2a0a23106333845e8dbbe
                                                                                                                            • Instruction Fuzzy Hash: E18122315187128BC714EF38E8815ABB7E2FFD2320F51CA7EA495C71A9D335811ACB86
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 82ee3151b8b6ba79c11c71b66349c50084ad847877ff76d03cbff6a12dc2a541
                                                                                                                            • Instruction ID: 8aa3dff4c9ee77409a2caa6a8bf73a228a41416ad1ade69bc67e8fb0c4a89fde
                                                                                                                            • Opcode Fuzzy Hash: 82ee3151b8b6ba79c11c71b66349c50084ad847877ff76d03cbff6a12dc2a541
                                                                                                                            • Instruction Fuzzy Hash: 2D515CB15087589FE314DF29D49435BBBE1FBC4318F044A2DE5E587350E379DA088B82
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ca9593c72638cf4f5151b6ea00b93eed72279f3c8c9d04c7d5e026bd3f524743
                                                                                                                            • Instruction ID: a95807a5a33cf78afacb7db7f5e6f1da3b62634c7f3382de7ad9161b2ec31c8c
                                                                                                                            • Opcode Fuzzy Hash: ca9593c72638cf4f5151b6ea00b93eed72279f3c8c9d04c7d5e026bd3f524743
                                                                                                                            • Instruction Fuzzy Hash: 415189356042668BD30CEF78CC515EA73E2EBD6310F54C67DD196CB1C5EA399A1AC780
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b04c3594dcd91fd81363db6d255754bb69e31387a73b8d08c2d443e481468dda
                                                                                                                            • Instruction ID: 26eb854c906231974a4aefa0ba41109d49319297576b9f7a076cb6d44ef48329
                                                                                                                            • Opcode Fuzzy Hash: b04c3594dcd91fd81363db6d255754bb69e31387a73b8d08c2d443e481468dda
                                                                                                                            • Instruction Fuzzy Hash: 5E517F75A04610DFC714DF18D880966BBE9FFC9364F158668E899CB392D631EC82CB92
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 06005a92eb47bbcc6777b253358a13d2399f622a277bd004ea009716f3fba752
                                                                                                                            • Instruction ID: fc6b6b75ef84dbb722a4894d150bd87471af674a1134756bdf8117662ebfe737
                                                                                                                            • Opcode Fuzzy Hash: 06005a92eb47bbcc6777b253358a13d2399f622a277bd004ea009716f3fba752
                                                                                                                            • Instruction Fuzzy Hash: 0151CC362086478BC704EB78D8914FAB3D5EFE9310F54CA7DE08ACB691EB35A505C752
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 21f38392664ef3302b93c8c938217aeb696644103a09b566ff0e4fad84418275
                                                                                                                            • Instruction ID: 5fda0199c01e5fafe2e17ff59e472a5e4a7b329ee20a3b7a7ecb5bc434eba7f6
                                                                                                                            • Opcode Fuzzy Hash: 21f38392664ef3302b93c8c938217aeb696644103a09b566ff0e4fad84418275
                                                                                                                            • Instruction Fuzzy Hash: 2B51BA32918216CBE718EF28C8926E673E2FBC2324F54873ED4558B6C5E73A511BC781
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f2b3e6893c07d86f9b7e1507a6a17e830a63abc698d3d456bbcd5cbc2b64d75d
                                                                                                                            • Instruction ID: 3e5c496f349ea63b548caeed8608996e554c986c108b43affd503dce5437ddd3
                                                                                                                            • Opcode Fuzzy Hash: f2b3e6893c07d86f9b7e1507a6a17e830a63abc698d3d456bbcd5cbc2b64d75d
                                                                                                                            • Instruction Fuzzy Hash: 45610972518F818FC3258A38D99436ABFD0AB56228F494F6CD4EBC77D2D268E145CB12
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e914b42256f071b9fc55cffcf399b303a8695dbc396b852efd4027b0c97edc2c
                                                                                                                            • Instruction ID: cd0898d12ec282f006b4a6cca08147beb3d837b2a5faf05f954faaafdf161744
                                                                                                                            • Opcode Fuzzy Hash: e914b42256f071b9fc55cffcf399b303a8695dbc396b852efd4027b0c97edc2c
                                                                                                                            • Instruction Fuzzy Hash: 37513672118FD14BC3358A3888952AABFD1AB57224F898F6CC4EBC77D3D628E445C712
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f0e238b539ad586fce2b2a5f818bb7ed3a7dde90334dc713d76b4f5c0888172b
                                                                                                                            • Instruction ID: 731bb820a8df8d427b6cfe663f6533a7c771e2b0a0afdd3ea9763dbe86242481
                                                                                                                            • Opcode Fuzzy Hash: f0e238b539ad586fce2b2a5f818bb7ed3a7dde90334dc713d76b4f5c0888172b
                                                                                                                            • Instruction Fuzzy Hash: EA415F639105250BEF580A34ECB43F97749FF81364F1D13BDE9A6CB3D2D66889C89291
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f6819ad0efc2bc19ca3364e056e2bb1c612e09dc17b920d125bb77ff689033e6
                                                                                                                            • Instruction ID: b0d48ff82edcded5da82fec490c1833e2bbd73758bf1af5517d611b5120581ab
                                                                                                                            • Opcode Fuzzy Hash: f6819ad0efc2bc19ca3364e056e2bb1c612e09dc17b920d125bb77ff689033e6
                                                                                                                            • Instruction Fuzzy Hash: B5518935614B134BE71CEB38D8909EAB3D2EBC6321F91877DD059CB1D5DB79940ACA40
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 064b80ae447cbe6b5d780914f2b8c9654ffd42648d513a4d5fc3242d8caaeb35
                                                                                                                            • Instruction ID: ccfc60b6bcf5396d82954e9e6de584019a1761598e9627b5e4361ed494bdd8bd
                                                                                                                            • Opcode Fuzzy Hash: 064b80ae447cbe6b5d780914f2b8c9654ffd42648d513a4d5fc3242d8caaeb35
                                                                                                                            • Instruction Fuzzy Hash: D65155355083128FE708EF29D4919EA73E2EBD5320F51C73DC1968B1D5EB35951ACB40
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: af4f5ff5335e5e5e0e69cc374a6aebfbafa1b45419f076d0f0eafe915d93ca94
                                                                                                                            • Instruction ID: 80840cbd1cda79f11064762485acfbce60fc9cb30f4afc733f922baae0e38c07
                                                                                                                            • Opcode Fuzzy Hash: af4f5ff5335e5e5e0e69cc374a6aebfbafa1b45419f076d0f0eafe915d93ca94
                                                                                                                            • Instruction Fuzzy Hash: 5651997180869A8BC71CDB6DE8901F673E2FBA2310F10476ED5ABC75D5DB30152ACA85
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 82b96de5cd57ae3fc92bf70ea0f27ea4653f1350ee403c5227c5cf2aee700a4b
                                                                                                                            • Instruction ID: e7c67ddcf651ab4ad762795a8f1da060600657c2f292fdc6317b5a964d858194
                                                                                                                            • Opcode Fuzzy Hash: 82b96de5cd57ae3fc92bf70ea0f27ea4653f1350ee403c5227c5cf2aee700a4b
                                                                                                                            • Instruction Fuzzy Hash: 66412572608301CFE7188F24DC9276AB3E5FB99305F19883DE5C2D32A0D678E955CB42
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d3aeb55a36bff070542a0ecd19ff68be15a74a957062f038dd34092962170c03
                                                                                                                            • Instruction ID: 10889b36c58eaeaa62ce8317a417067db67802f994823f97c0ee3c3e87e53122
                                                                                                                            • Opcode Fuzzy Hash: d3aeb55a36bff070542a0ecd19ff68be15a74a957062f038dd34092962170c03
                                                                                                                            • Instruction Fuzzy Hash: C2418576A287554FE31CEE7998921AA33D2EBE9310F20C63DC5D6C31C5DA3A540A8742
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d0a05426a2e5be4ba5c678bf5ae337fbea33cf041e4f8bce2681cda9fa2993d9
                                                                                                                            • Instruction ID: 6f691af8b1653b8d50bd3783c88bc6d481767182b157816a625eefd155a18667
                                                                                                                            • Opcode Fuzzy Hash: d0a05426a2e5be4ba5c678bf5ae337fbea33cf041e4f8bce2681cda9fa2993d9
                                                                                                                            • Instruction Fuzzy Hash: 3A4175356042528BD70DEF29C8918EA73E6EBD5314F51C23DC156CB8D6EF35AA1AC740
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f3e687a0c77350db8feca64d9f86feccd65f2483804513ff3c6c37ab7cf7ce89
                                                                                                                            • Instruction ID: bfff625f984386614cd2e740061a1bcba58117c8f4607fc0ca5cae7fa596d5ba
                                                                                                                            • Opcode Fuzzy Hash: f3e687a0c77350db8feca64d9f86feccd65f2483804513ff3c6c37ab7cf7ce89
                                                                                                                            • Instruction Fuzzy Hash: D53137B3E14A280BD7188D2D9C1623A71829BD4215F4E873EDD6ACF3C2EE304D1592C0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 151a2b577b3beabbceee2bacb18a3c10b9512b9aff70514b218f76e57d68ddab
                                                                                                                            • Instruction ID: 698053707588c3b367fd7eb4d416ff6291acb9a67645286e5ca6144c78a794dd
                                                                                                                            • Opcode Fuzzy Hash: 151a2b577b3beabbceee2bacb18a3c10b9512b9aff70514b218f76e57d68ddab
                                                                                                                            • Instruction Fuzzy Hash: A14179356042628BD30CEE39C8914EA73E3E7D1320F55C23DC156CB5C5EE3A991AD740
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5433e56af7d26e7cef932317d9823b417fa466bc6307cafd23575c6d8aeeba65
                                                                                                                            • Instruction ID: 9ee30baffbd9f039cb8d79b03af4bc1f074d03a807d93145aca6e3894a09c6c6
                                                                                                                            • Opcode Fuzzy Hash: 5433e56af7d26e7cef932317d9823b417fa466bc6307cafd23575c6d8aeeba65
                                                                                                                            • Instruction Fuzzy Hash: BF41CC367049125BC31CAE3CD8121FA7392FBC4310F64873EA967C3AE4D739981A8685
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bb62165a46611bbc4fa4c448c4f97565b81d46738c68b4b2fc5f73fabf16abe2
                                                                                                                            • Instruction ID: 5c30e621bbfe8c94d4363cb0a2bbf190c50d9877eccec4d2295ce239ea2a524b
                                                                                                                            • Opcode Fuzzy Hash: bb62165a46611bbc4fa4c448c4f97565b81d46738c68b4b2fc5f73fabf16abe2
                                                                                                                            • Instruction Fuzzy Hash: 1241EF2A115A538BC70AEF39CC551FA7783AFE6320B08836DC091871DAEB795046C341
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1dd8f4a54593e4d26398b396c8991c4533a7cd7d77c63367af1df2e86823dbb7
                                                                                                                            • Instruction ID: b4502838b010bb5d939b8e7bb0df80975ed95a4008c1d53c463bff68dea11860
                                                                                                                            • Opcode Fuzzy Hash: 1dd8f4a54593e4d26398b396c8991c4533a7cd7d77c63367af1df2e86823dbb7
                                                                                                                            • Instruction Fuzzy Hash: A34157356042628FE70CEF29D8914EA73E2EBD1320F55C23DC1568B5C5EE3A991ACB40
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e579f215675dcfb273e8d2a537a31c837a53f0cbdd7f01a6d1e13fbe4514cd24
                                                                                                                            • Instruction ID: 5a9040a4566c4d6bdc7cd63ec690ba905bcbf0763cc5601dde0678c0868f574b
                                                                                                                            • Opcode Fuzzy Hash: e579f215675dcfb273e8d2a537a31c837a53f0cbdd7f01a6d1e13fbe4514cd24
                                                                                                                            • Instruction Fuzzy Hash: 4041783560C7469BC709DE68C4504EEBBE1FFC5314F208A6DE09A8B6D5DB31980ACB85
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9ff158b3d624831e401fe7de77af25e30ec9a33523350161e123fa9c6c8558c9
                                                                                                                            • Instruction ID: 47805e6706f443310b4942dc2827d5fdf4c7068f4cff11f01cf05b2764735c49
                                                                                                                            • Opcode Fuzzy Hash: 9ff158b3d624831e401fe7de77af25e30ec9a33523350161e123fa9c6c8558c9
                                                                                                                            • Instruction Fuzzy Hash: 8D41EC362409624BD728DE3DC8A14F63397DBE5320740A33D9462CF2D9EB35A60EC780
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d454b41b705fad77c0d5a6835dc5f15486787f78c750276480e6e7492a2f455d
                                                                                                                            • Instruction ID: 92b79d934ca7a066e0a01eb2b20536bd1c6c010190efae9b6eec4a5d9699d2e8
                                                                                                                            • Opcode Fuzzy Hash: d454b41b705fad77c0d5a6835dc5f15486787f78c750276480e6e7492a2f455d
                                                                                                                            • Instruction Fuzzy Hash: 044168356042668BD70DEF29C8914EA73E2E7D1310F51C23DC1568B5C5EE369A1AC740
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9033bae95b9d5d2dc0ead5dd653c9736cf27540c60f37dfc2f347f071c53e447
                                                                                                                            • Instruction ID: ba9db3fe2f1747c523a2ca04de2f960a645b9be304f7530444d330ff5e7afceb
                                                                                                                            • Opcode Fuzzy Hash: 9033bae95b9d5d2dc0ead5dd653c9736cf27540c60f37dfc2f347f071c53e447
                                                                                                                            • Instruction Fuzzy Hash: B441CC32104B028BE71CDB34D8619EA73E2EBC6320F60877ED05ACB9C2DBB5540ECA45
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3895174132e4f35a80e4057b6ed95c4f9b5f6455917ca1527b80329c02638d1e
                                                                                                                            • Instruction ID: 2ab4fbea3ce42b7aae59dd48c12a4c99681a8a564f7781caaae7c51db0d94140
                                                                                                                            • Opcode Fuzzy Hash: 3895174132e4f35a80e4057b6ed95c4f9b5f6455917ca1527b80329c02638d1e
                                                                                                                            • Instruction Fuzzy Hash: 2241AA32208B124FE718DB38D4629FA73E2EFC5320FA08B7ED0968B4C6C774544ACA44
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d1b677b311238a0e4175a7360394180189487ed380e8f2ffe1b7f2165ff34700
                                                                                                                            • Instruction ID: 5a9a685ea0a5ea8ed3e80dd075ac4343f62dacad74c83c3fb0de17bb187ebf03
                                                                                                                            • Opcode Fuzzy Hash: d1b677b311238a0e4175a7360394180189487ed380e8f2ffe1b7f2165ff34700
                                                                                                                            • Instruction Fuzzy Hash: CC31CE36614B124BE71CDB38C8619FA73D3DBC9320F54877DD05A8B5C6D7B5640E8604
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7352e29d74351ecd1efd5fe917491bd21fa71e19397df3c643d71d7d5ca12b2e
                                                                                                                            • Instruction ID: 0a0c82fe1c8af9348d990d94906a90a7eaf66d87ad8b0aab687dd6326238f9d7
                                                                                                                            • Opcode Fuzzy Hash: 7352e29d74351ecd1efd5fe917491bd21fa71e19397df3c643d71d7d5ca12b2e
                                                                                                                            • Instruction Fuzzy Hash: 244155762292058BC70CEF29D8514EBB7D3EBE9311B10C93EE19AC7684EB34A4158B01
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ef09435e6ee10f05edc075892b35d0894f18741c37b99fe6e1881adcc3d6dbc2
                                                                                                                            • Instruction ID: d910e75adaad75e67dac9ccb443baaa8fe10b8f2d5cbf63e0b065de6569ccd0d
                                                                                                                            • Opcode Fuzzy Hash: ef09435e6ee10f05edc075892b35d0894f18741c37b99fe6e1881adcc3d6dbc2
                                                                                                                            • Instruction Fuzzy Hash: 0F31AE7791821A4BC32DEE99D8410F1B241E7D1710F10877ED99BCB4A2DB255A6B86C1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 37f532a708391e162583e8babb98d869e30a76b778aa1dd6495ccba5b4d01547
                                                                                                                            • Instruction ID: 0990c5bbc879762f75868bb0f1776ac0184718d6f962244d1da507821010e7ad
                                                                                                                            • Opcode Fuzzy Hash: 37f532a708391e162583e8babb98d869e30a76b778aa1dd6495ccba5b4d01547
                                                                                                                            • Instruction Fuzzy Hash: BB316931114B128BE71CDB38D464AEAB7D2EFC6320F648B7DD0598B5C6D7B5640ECA05
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 64c2a614413e5977466e0db73c684579fb7c88ab2e3c152d58297bcfbe6129be
                                                                                                                            • Instruction ID: 8c1d2b5894315910e438ecf811c622dee63650d4f7d92c2a234268fb908587a4
                                                                                                                            • Opcode Fuzzy Hash: 64c2a614413e5977466e0db73c684579fb7c88ab2e3c152d58297bcfbe6129be
                                                                                                                            • Instruction Fuzzy Hash: 50316C35514B124BE71CDB38D461AF6B7E2EBC5320F508B7DE05ACB5D5C7B9640ACA04
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2b81358fd58b886b0f74f5ecd8031b5c708ddada1a13fb25eb9bc3264438075c
                                                                                                                            • Instruction ID: a999bac7597d4b15ed1d8bb77213d554dcbc9fa25eeea208456d72487d1dacbc
                                                                                                                            • Opcode Fuzzy Hash: 2b81358fd58b886b0f74f5ecd8031b5c708ddada1a13fb25eb9bc3264438075c
                                                                                                                            • Instruction Fuzzy Hash: 6A31AB3A5583828BD70DEF29D4805E6B393FBD8320F6AC53D95498B648E374D927CB81
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: eafd67bd5a8243ca5e3b281c79b2f04f66b9479bd707dc47f3977c4bdee5e713
                                                                                                                            • Instruction ID: 16b52e85ab64c3c1baa3949936f93567a8e9d958f7699ce0a4e2ea66ae373cea
                                                                                                                            • Opcode Fuzzy Hash: eafd67bd5a8243ca5e3b281c79b2f04f66b9479bd707dc47f3977c4bdee5e713
                                                                                                                            • Instruction Fuzzy Hash: BF31C971605A274BE70DDA38C8A06EA7343E7C2335F50933D9022CB9E8EB39152ACA50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 095e0e368bf1882a0ac52c2a869724558c591adfce09742e845c54875e675e48
                                                                                                                            • Instruction ID: 6df4f41e60c8899c5b89364078e4ec7d3cd5617f9cbd8e225014d6b4021ccdf1
                                                                                                                            • Opcode Fuzzy Hash: 095e0e368bf1882a0ac52c2a869724558c591adfce09742e845c54875e675e48
                                                                                                                            • Instruction Fuzzy Hash: 2C31A93654879A4BD714EFBCC8900FA7BD2EFCA321B14977D8086CB68AD634510BC740
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3b714148af4761bfe371d969782cba770986af89ad32bae8bcbf62f4a139030e
                                                                                                                            • Instruction ID: 96e96345fc16aedc0f6d4d7e1965566d4d1def8010725aec21a756691c6ae4ae
                                                                                                                            • Opcode Fuzzy Hash: 3b714148af4761bfe371d969782cba770986af89ad32bae8bcbf62f4a139030e
                                                                                                                            • Instruction Fuzzy Hash: C0319B32214B124BE71CDB38C8A59FA73D2EBD5320F50877DD0598B5C6DBB9A40E8A04
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1e0dc7e1a5b3a37a228b8026488c6a7427c0d59b44e594766ff4e3fdf72e459b
                                                                                                                            • Instruction ID: a018beaafdfad18b6efbfc69dbf7adc083d38d8b8c99133fb9a145e0ab2bcd59
                                                                                                                            • Opcode Fuzzy Hash: 1e0dc7e1a5b3a37a228b8026488c6a7427c0d59b44e594766ff4e3fdf72e459b
                                                                                                                            • Instruction Fuzzy Hash: F711C137B246720BE360DE6AECC4596635AFFE5216B1A0534EAC1C7242EA27FC61D190
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 67fa2c0f4dd0360606862afa4890c6f7d8c5749d789debb57f46314cb20a02df
                                                                                                                            • Instruction ID: 7a2849efd43f325fff1e97066cba38fe2d55270ac2df50e4083de1bb5954f99f
                                                                                                                            • Opcode Fuzzy Hash: 67fa2c0f4dd0360606862afa4890c6f7d8c5749d789debb57f46314cb20a02df
                                                                                                                            • Instruction Fuzzy Hash: BA217B3AA146064BD718EE7E98500E67793FBDA320B00877EA4AAC73C8DA35501ACA44
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fc047be68237273590d903117626f89b14762beb9f8db61748ec4783bda9adce
                                                                                                                            • Instruction ID: 19de1ff78971c2cc6e104a56d242c171b323a009215a1c1da80537145d79b6f5
                                                                                                                            • Opcode Fuzzy Hash: fc047be68237273590d903117626f89b14762beb9f8db61748ec4783bda9adce
                                                                                                                            • Instruction Fuzzy Hash: 1221B4B5A04309CFCB108F68E8906AA7BF4FB59355F0448BDE946D7301E33AD512CB91
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                            • Instruction ID: f7a17673eaab1d8fd635ebf377c25143c0b1a5bc2a71023d5fff3a9b378fc1e7
                                                                                                                            • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                            • Instruction Fuzzy Hash: 5A110033A061D84EC3159D3C98405697FD35BA3234F5D4399F4B4DB2D2D9238D8A8364
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ccd4263a6600a8e6b338023b0181bc1196df4a3e081a7fe201df2049addf5b40
                                                                                                                            • Instruction ID: 87d09a5ca71f258c8c13af819456f6abffe6bbeaee1dc1377314b2409eaecb88
                                                                                                                            • Opcode Fuzzy Hash: ccd4263a6600a8e6b338023b0181bc1196df4a3e081a7fe201df2049addf5b40
                                                                                                                            • Instruction Fuzzy Hash: 62011EF5A0130157DB209E5894C1727A2A9FFD5704F18483CE805DB282EB75EC4686E2
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocString
                                                                                                                            • String ID: +$+$0$1$5$8$<$@$A$B$D$E$F$G$M$N$O$R$R$S$U$a$d$f$j$s$x$y
                                                                                                                            • API String ID: 2525500382-72532290
                                                                                                                            • Opcode ID: 6aec367d5c4b3d6f95854ebe5911e28ddeeeb88a8dc06fb261e0eee243804007
                                                                                                                            • Instruction ID: 82a0a579df445d45a8e62f017ae53c90277c25de15205c31e71243e5d84e15dd
                                                                                                                            • Opcode Fuzzy Hash: 6aec367d5c4b3d6f95854ebe5911e28ddeeeb88a8dc06fb261e0eee243804007
                                                                                                                            • Instruction Fuzzy Hash: 26A10C2150CBD2CAD332C63C8848B9FBED16BA2224F188BADD5ED9B3D2D67545058763
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitVariant
                                                                                                                            • String ID: !$#$'$5$7$L$M$O$Q$S$U$W$Y$[$]$_
                                                                                                                            • API String ID: 1927566239-3619762162
                                                                                                                            • Opcode ID: a563b401697dbbd6fc85f434a8a041d259b4991b7a44ea566b79a2066723efe7
                                                                                                                            • Instruction ID: 18292accf7d12bb58989a171051d81c120c3fa1996876051e928807dca49cf7a
                                                                                                                            • Opcode Fuzzy Hash: a563b401697dbbd6fc85f434a8a041d259b4991b7a44ea566b79a2066723efe7
                                                                                                                            • Instruction Fuzzy Hash: 5041487040C7C1CAD365CB28849835FBFE0AB96318F488A9DE5E94B392D3B98505CB93
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitVariant
                                                                                                                            • String ID: !$#$'$5$7$L$M$O$Q$S$U$W$Y$[$]$_
                                                                                                                            • API String ID: 1927566239-3619762162
                                                                                                                            • Opcode ID: 9c6da7a3cb180ade246e578c49f204926159bf894e7ecd022c100c1bdaa6cb9f
                                                                                                                            • Instruction ID: 8cf3e1fbd18d1d06c1f7e57effabdd09bee95e5e67ec24ff8e37e842b8fc9ad1
                                                                                                                            • Opcode Fuzzy Hash: 9c6da7a3cb180ade246e578c49f204926159bf894e7ecd022c100c1bdaa6cb9f
                                                                                                                            • Instruction Fuzzy Hash: AC41D87000C7C1CAD365CB28949875FBFE06BA6318F485A8DF5E85B392C3BA8505CB53
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Variant$ClearInit
                                                                                                                            • String ID: )$+$-$/$1$3$5$7$9$;$=$>$?$d
                                                                                                                            • API String ID: 2610073882-809355576
                                                                                                                            • Opcode ID: b01ab03d8656445302884b90c88718e2fd55cd7cb589f6a031ff487057a3f253
                                                                                                                            • Instruction ID: eb89d6b817ce2e9fbb0c758837b5b5698e7ab4680d6708b4406815c8c2e47357
                                                                                                                            • Opcode Fuzzy Hash: b01ab03d8656445302884b90c88718e2fd55cd7cb589f6a031ff487057a3f253
                                                                                                                            • Instruction Fuzzy Hash: 3F41397140CBC18ED322DB38844835BBFE26BE6314F594A9DE4E1473A6C674850ACB93
                                                                                                                            APIs
                                                                                                                            • CoCreateInstance.OLE32(00857AA8,00000000,00000001,00857A98,00000000), ref: 0084BC97
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateInstance
                                                                                                                            • String ID: :$r}$s"$x
                                                                                                                            • API String ID: 542301482-3244239955
                                                                                                                            • Opcode ID: fcd72b88eb27dd76dafa59f1e80fc882aa117b81c8ac6e05b7f39eedf0d23110
                                                                                                                            • Instruction ID: 97d4da3430e6bcd622dff5417072c54bca8a0b76afde13057324a4e3e0391b29
                                                                                                                            • Opcode Fuzzy Hash: fcd72b88eb27dd76dafa59f1e80fc882aa117b81c8ac6e05b7f39eedf0d23110
                                                                                                                            • Instruction Fuzzy Hash: 3131C9769483049BE320CF15C905B4FBBE4FBC2705F118A1CF994AB290C7B88908CB93
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: /~$`c$57
                                                                                                                            • API String ID: 0-484455979
                                                                                                                            • Opcode ID: 0a0d26fd6b6834c7747c5b144062c43fdca727a1345f40b14a97de188fad7432
                                                                                                                            • Instruction ID: b2b8e38dded093e1403ec4d614d732de2220ede0f108213ac37b0cea70d420b7
                                                                                                                            • Opcode Fuzzy Hash: 0a0d26fd6b6834c7747c5b144062c43fdca727a1345f40b14a97de188fad7432
                                                                                                                            • Instruction Fuzzy Hash: E5B1DCB4D003289FDB209F69DC4279EBBB4FF42304F1445A9D549AB341EB344A8ACF92
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: /~$`c$57
                                                                                                                            • API String ID: 0-484455979
                                                                                                                            • Opcode ID: d842788543badc65ae91ad96bd60ed4783324915f3d6dfe5d5098f6c794694f9
                                                                                                                            • Instruction ID: a33b62477c4443cd74c2c02e39f8673d90f69a9fbabe3ccce4b0afd94c3e18a3
                                                                                                                            • Opcode Fuzzy Hash: d842788543badc65ae91ad96bd60ed4783324915f3d6dfe5d5098f6c794694f9
                                                                                                                            • Instruction Fuzzy Hash: 28B1DCB4D003289FDB209F69DC427AEBBB4FF46304F1441A9D549AB241DB344A8ACF92
                                                                                                                            APIs
                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00820CB2
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1691767106.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1691755475.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691796790.0000000000856000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691813054.0000000000859000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1691831590.0000000000869000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692160296.0000000000B12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692181783.0000000000B13000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1692844213.0000000001095000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_810000_SecuriteInfo.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeSecurity
                                                                                                                            • String ID: Mz$tO
                                                                                                                            • API String ID: 640775948-2668044433
                                                                                                                            • Opcode ID: d7ef9694650788df00bb7f55c121cd2d3cafb40a6970214d8e50f067236b59c4
                                                                                                                            • Instruction ID: 84d4da3e0161355e037931bcf34411729c026f58a38f04f7af172ae80860877f
                                                                                                                            • Opcode Fuzzy Hash: d7ef9694650788df00bb7f55c121cd2d3cafb40a6970214d8e50f067236b59c4
                                                                                                                            • Instruction Fuzzy Hash: 0DA1E0B01047818FD3258F24D890766BBA1FF56305F298A9CC0D68B796D739E886CF91